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Abstract 



We propose a purely extensional semantics for higher-order logic programming. In this 
semantics program predicates denote sets of ordered tuples, and two predicates are equal 
' iff they are equal as sets. Moreover, every program has a unique minimum Herbrand model 

. which is the greatest lower bound of all Herbrand models of the program and the least 

fT^ ' fixed-point of an immediate consequence operator. We also propose an SLD-resolution 

proof procedure which is proven sound and complete with respect to the minimum model 
■ semantics. In other words, we provide a purely extensional theoretical framework for 

higher-order logic programming which generalizes the familiar theory of classical (first- 
order) logic programming. 



K*^ ■ 1 Introduction 



The two most prominent declarative paradigms, namely logic and functional programming, 
differ radically in an important aspect: logic programming is traditionally first-order while 
functional programming encourages and promotes the use of higher-order functions and con- 
structs. One problem is that even second-order logic fails in terms of vital properties such as 
completeness and compactness. It would seem, on the face of it, that there would be no hope 
of finding a complete resolution proof procedure for higher-order logic programming. 

The initial attitude of logic programmers towards higher-order logic programming was 
somewhat skeptical: it was often argued (see for example |War82j ) that there exist ways of 
encoding or simulating higher-order programming inside Prolog itself. However ease of use is 
a primary criterion for a programming language, and the fact that higher-order features can 
be simulated or encoded does not mean that it is practical to do so. 
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m Artificial Intelligence (JELIA). LNCS 6341, Springer, pages 91-103, 2010. 
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ESF) and Greek national funds through the Operational Program "Education and Lifelong Learning" of the 
National Strategic Reference Framework (NSRF) - Research Funding Program: Heracleitus II. Investing in 
knowledge society through the European Social Fund. 



Eventually extensions with genuine higher-order capabilities were introduced - roughly 
speaking, extensions which allow predicates to be applied but also passed as parameters. The 
two most prominent such languages are AProlog ^MN86t INad87] and HiLog |CKW8 9. C KW93] . 
These two systems share a common idea, namely they are both intensional. Intuitively speak- 
ing, an intensional language places almost no restraints on the way in which a predicate can be 
passed and used. In an intensional language it is possible that two co-extensional predicates 
are not considered equal. In other words, a predicate in such a language is more than just the 
set of arguments for which it is true. 

However, for many applications intensionality appears to be appropriate. Suppose, for 
example, we have a database of professions, both of their membership and their status. We 
might have rules such as: 

engineer (torn) . 
engineer (sally) . 
programmer (harry) . 

with engineer and programmer used as predicates. But in intensional higher-order logic 
programming we could also have rules in which these are arguments, eg: 

prof ession(engineer) . 
prof ession (programmer) . 

Now suppose tom and sally are also avid users of Twitter. We could have rules: 

tweeter (tom) . 
tweeter (sally) . 

In the absence of other rules, it is clear that the tweeters are exactly the engineers; but the 
query: 

?-prof ession(tweeter) . 

fails. This failure contradicts the extensionality principle, which holds that predicates that 
succeed for exactly the same instances are equal. However, in this context the failure of 
extensionality does not seem unnatural. 

Nevertheless, the failure of extensionality cannot in general be taken lightly. It means 
that we cannot use our mathematicians' intuitions of relations, intuitions based on hundreds 
of years of mathematical development. It raises doubts that rules like those just given can 
have a simple declarative meaning. Moreover, there are many applications that call for higher- 
order logic (predicates used as arguments) but do not involve intensional notions. As a simple 
example, consider the predicate allmembers(L,P) which asserts that all elements of the list 
L have property P. Predicate allmembers raises no foundational issues and the corresponding 
rules seem obvious: 

allmembers ( [] ,P) . 

allmembers ( [H I T] ,P) :-P(H) .allmembers (T,P) . 

However this is not legitimate Prolog, and to write these rules we currently have no choice 
but to use an intensional higher-order language, even though the logic behind allmembers is 
entirely extensional. For example, if the query: 

?-allmembers ( [a , b , c] , p) . 

succeeds and q is co-extensional with p, we can be sure that the query 

?-allmember s ( [a , b , c] , q) . 

will also succeed. 
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Are there more modest higher-order extensions of logic programming that do not entail 
intensionality? After all, higher-order extensions of functional programming are almost all 
extensional. This question was first raised by W. W. Wadge in [Wad91j and answered in 
the affirmative. Wadge discovered a simple syntactic restriction which, though it limited the 
applicability of the language, ensured that compliant programs have an extensional declarative 
reading. The restriction forbids a user-defined predicate to appear as an argument in the head 
of a clause. For example, of the rules cited already, 

prof ession(engineer) . 

violates the restriction, but 

allmembers ( [] ,P) . 

complies with it. Roughly speaking, the restriction says that rules about predicates can state 
general principles but cannot pick out a particular predicate for special treatment. Wadge 
gave several examples of useful extensional higher-order programs and outlined the proof of a 
minimum-model result. He also showed that in this model the denotations of program predi- 
cates are monotonic and continuous. Continuity, in this context, is a kind of finitaryness. For 
example, if f oo(p) succeeds and foo is continuous, it means there is a finite set of arguments 
{ai, . . . , a^} for which p(a^) , . . . , pCa^^.) all succeed; moreover, if q(a^) , . . . , qCa^^.) also succeed, 
then foo(q) succeeds. 

Contributions: In this paper we extend the study initiated in |Wad91j and derive the first, 
to our knowledge, complete theoretical framework for extensional higher-order logic program- 
ming, both from a semantic as-well-as from a proof theoretic point of view. 

Our first contribution is the development of a novel extensional semantics for higher-order 
logic programming that is based on algebraic lattices (see for example |Gra78] ). a subclass of 
the familiar complete lattices that have traditionally been used in the theory of first-order 
logic programming. For every predicate type of our language, algebraic lattices single out a 
subset of "finite" objects of that type. In other words, the proposed semantics reflects in a 
direct way the finitary nature of continuity that is implicit in |Wad91] . The benefit of the new 
approach compared to that of |Wad91] is that all basic properties and results of classical logic 
programming are now transferred in the higher-order setting in a natural way. Moreover, the 
new semantics leads to a relatively simple sound and complete proof procedure (see below) 
even for a language that is genuinely more powerful than the one considered in |Wad91] . More 
details on the connections between the two approaches will be given in 15.31 

Our second contribution fixes a major shortcoming of Wadge's language by allowing clause 
bodies and program goals to have uninstantiated higher-order variables. To understand the 
importance of this extension, consider the following axiom for bands (musical ensembles): 

band(B) : -singer (S) ,B(S) ,drunmer(D) ,B(D) .guitarist (G) ,B(G) . 

This says that a band is a group that has at least a singer, a drummer, and a guitarist. Suppose 
that we also have a database of musicians: 

singer (sally) . 
singer (steve) . 
drummer (dave) . 
guitarist (george) . 
guitarist (grace) . 

Our extensional higher-order language allows the query ?-band(B). At first sight a query 
like this is impractical if not impossible to implement. Since a band is a set, bands can be 
very large and there can be many, possibly uncountably infinitely many of them. In existing 
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intensional systems such queries fail since the program does not provide any information about 
any particular band. 

However, in an extensional context the finitary behavior of the predicates of our language, 
saves us. If the predicate band declares a relation to be a band, then (due to the finitaryness 
described above) it must have examined only finitely many members of the relation. Therefore 
we can enumerate the bands by enumerating finite bands, and this collection is countable (in 
this particular example it is actually finite). Actually, as we are going to see, this enumeration 
can be performed in a careful way so as that it avoids producing all finite relations one by one 
(see the discussion in Section [2] that follows) . 

Our final contribution, and not the least, is a relatively simple proof procedure for exten- 
sional higher-order logic programming, which extends classical SLD-resolution. We demon- 
strate that the new proof procedure is sound and complete with respect to the proposed 
semantics. In particular, the derived completeness theorems generalize the well-known such 
theorems for first-order logic programming. This result may, at first sight, also seem paradoxi- 
cal, given the well-known failure of completeness for even second-order logic. But the paradox 
is resolved by recalling that we are dealing with a restricted subset of higher-order logic and 
that the denotations of the types of our language are not arbitrary sets but instead algebraic 
lattices (which have a much more refined structure). 

One very important benefit of the proof procedure is that it gives us an operational seman- 
tics for our language. This means in turn that we could probably extend it with cut, negation 
and other operational features not easily specified in terms of model theory alone. 

The rest of the paper is organized as follows: Section [2] presents in a more detailed manner 
the basic ideas developed in this paper. Section [3] introduces the syntax of the higher-order 
logic programming language Ti. Section [J] introduces the key lattice-theoretic notions that will 
be needed in the development of the semantics. Sections [5] and [6] develop the semantics and 
the minimum Herbrand model semantics of T-L; the main properties of the semantics are also 
established. Section [7] introduces an SLD-resolution proof procedure for Ti and establishes its 
soundness and completeness. Section [8] presents a brief description of related approaches to 
higher-order logic programming. Section [9] briefly discusses implementation issues and presents 
certain interesting topics for future work. The lengthiest among the proofs have been moved 
to corresponding appendices in order to enhance the readability of the paper. 

2 The Proposed Approach: an Intuitive Overview 

As discussed in the previous section, the purpose of this paper is to develop a purely ex- 
tensional theoretical framework for higher-order logic programming which will generalize the 
familiar theory of first-order logic programming. The first problem we consider is to bypass 
one important restriction of |Wad91] , namely the inability to handle programs in which clauses 
contain uninstantiated predicate variables. The following example illustrates these ideas: 

Example 2.1 Consider the following higher-order program written in an extended Prolog-like 
syntax: 

p(Q):-Q(0),Q(s(0)). 
nat(O) . 

nat(s(X)) :-nat(X) . 

The Herbrand universe of the program is the set of natural numbers in successor notation. 
According to the semantics of \ WadQljj . the least Herbrand model of the program assigns to 
predicate p a continuous relation which is true of all unary relations that contain at least 
and s(0). Consider now the query: 

?-p(R) . 
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which asks for all relations that satisfy p. Such a query seems completely unreasonable, since 
there exist uncountably many relations that must be substituted and tested in the place ofR. I 

The above example illustrates why uninstantiated predicate variables in clauses were dis- 
allowed in |Wad91j . From a theoretical point of view, one could extend the semantics to cover 
such cases, but the problem is mainly a practical one: "how can one implement such programs 
and queries?" . 

In more formal terms, the least Herbrand model of a higher-order program under the 
semantics of |Wad91 ] is in general an uncountable set; in our example, this is evidenced by the 
fact that there exists an uncountable number of unary relations over the natural numbers that 
contain both and s (0) . This observation comes in contrast with the semantics of first-order 
logic programming in which the least Herbrand model of a program is a countable set. How 
can one define a proof procedure that is sound and complete with respect to this semantics? 
The key idea for bypassing these problems was actually anticipated in the concluding section 
of |Wad91| : 

Our higher order predicates, however, are continuous: if a relation satisfies a pred- 
icate, then some finite subset satisfies it. This means that we have to examine only 
finite relations. 

In the above example, despite the fact that there exists an infinite number of relations that 
satisfy p, all these relations are supersets of the finite relation {0, s(0)}. In some sense, this 
finite relation represents all the relations that satisfy p. But how can we make the notion of 
"finiteness" more explicit? In order to define a sound and complete proof procedure for an 
interesting extensional higher-order logic programming language, our semantics must in some 
sense reflect the above "finitary" concepts more explicitly. 

An idea that springs to mind is to define an alternative semantics in which variables (like 
Q in Example 1 2. ip range over finite relations (and not over arbitrary relations as in |Wad91] ). 
Of course, the notion of "finite" should be appropriately defined for every predicate type. But 
then an immediate difficulty appears to arise. Given again the program in Example 12.11 and 
the query 

?-p(nat) . 

it is not immediately obvious what the meaning of the above is. Since we have assumed that Q 
ranges over finite relations, how can p be applied to an infinite one? To overcome this problem, 
observe that in order for the predicate p to succeed for its argument Q, it only has to examine 
a "finite number of facts" about Q (namely whether Q is true of and s(0)). This remark 
suggests that the meaning of p (nat) can be established following a non-standard interpretation 
of application: we apply the meaning of p to all the "finite approximations" of the meaning 
of nat, ie., to all finite subsets of the set {0, s (0) , s (s (0) ) , . . .}. In our case p(nat) will be 
true since there exists a finite subset of the meaning of nat for which the meaning of p is true 
(namely the set {0,s(0)}). 

Notice that the new semantical approach outlined above, heavily relies on the idea that the 
meaning of predicates (like nat) can be expressed as the least upper bound of a set of simpler 
(in this case, finite) relations. Actually, this is an old and well-known assumption in the area 
of denotational semantics, as the following excerpt from |Sto77j [page 98] indicates: 

So we may reasonably demand of all the value spaces in which we hope to compute 
that they come equipped with a particular countable subset of elements from which 
all the other elements may be built up. 

As we are going to demonstrate, the meaning of every predicate defined in our language pos- 
sesses the property just mentioned, and this allows us to use the new non-standard semantics 
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of application. In fact, as we are going to see, for every predicate type of our language, the set 
of possible meanings of this type forms an algebraic lattice [Gra78j : then, the above property 
is nothing more than the key property which characterizes algebraic lattices (see Proposi- 
tion STTl])) namely that ^^every element of an algebraic lattice is the least upper bound of the 
compact elements of the lattice that are below it" . More importantly, for the algebraic lattices 
we consider, it is relatively easy to identify these compact elements and to enumerate them one 
by one. Based on the above semantics, we are able to derive for higher-order logic programs 
many properties that are either identical or generalize the familiar ones from first-order logic 
programming (see Section [6]). 

The new semantics allows us to introduce a relatively simple, sound and complete proof 
procedure which applies to programs and queries that may contain uninstantiated predicate 
variables. This is due to the fact that the set of "finite" relations is now countable, and as we 
are going to see, there exist interesting ways of producing and enumerating them. The key 
idea can be demonstrated by continuing Example 12.11 Given the query: 

?-p(R) . 

one (inefficient and tedious) approach would be to enumerate all possible finite relations of 
the appropriate type over the Herbrand universe. Instead of this, we use an approach which 
is based on what we call basic templates: a basic template for R is (intuitively) a finite set 
whose elements are individual variables. This saves us from having to enumerate all finite 
sets consisting of ground terms from the Herbrand universe. For exampl43, assume that we 
instantiate R with the template {X,Y}. Then, the resolution proceeds as follows: 

?-p(R) 
?-p({X,Y}) 

?-{X,Y}(0),{X,Y}(s(0)) 
?-{0,Y}(s(0)) 

□ 

and the proof procedure will return the answer R = {0,s(0)}. The proof procedure will 
also return other finite solutions, such as R = {0,s(0),Zi}, R = {O, s (0) , Zi, Z2}, and so on. 
However, a slightly optimized implementation (see Section [9|) can be created that returns 
only the answer R = {0,s(0)}, which represents all the finite relations produced by the proof 
procedure. The intuition behind the above answer is that the given query succeeds for all 
unary relations that contain at least and s(0). Similarly, for the band example of Section [H 
the implementation will systematically assemble all the minimal three-member bands from the 
talents available. 

3 The Higher-Order Language 1-L: Syntax 

In this section we introduce the higher-order logic programming language H, which extends 
classical first-order logic programming to a higher-order setting. The language H is based on 
a simple type system that supports two base types: o, the boolean domain, and l, the domain 
of individuals (data objects). The composite types are partitioned into three classes: func- 
tional (assigned to function symbols), predicate (assigned to predicate symbols) and argument 
(assigned to parameters of predicates). 

Definition 3.1 A type can either be functional, argument, or predicate: 

a := i I (t — > cj) 

p := i I vr 

vr := o I (p — )• vr) 

^The notation we use for representing basic templates will slightly change in Section [T] 
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We will use r to denote an arbitrary type (either functional, argument or predicate one). 

As usual, the binary operator is right-associative. A functional type that is different 
than L will often be written in the form //' — > t, n > 1. Moreover, it can be easily seen that 
every predicate type tt can be written in the form pi Pn ~^ o, ra > (for ri = we 

assume that tt = o). 

We can now proceed to the definition of Ti, starting from its alphabet: 
Definition 3.2 The alphabet of the higher-order language H consists of the following: 

1. Predicate variables of every predicate type tt ( denoted by capital letters such as P, Q, R, . . .). 

2. Predicate constants of every predicate type tt (denoted by lowercase letters such as 
p,q,r,...;. 

3. Individual variables of type l (denoted by capital letters such as X, Y, Z, . . .). 
4- Individual constants of type t (denoted by lowercase letters such as a, b,c, . . .). 

5. Function symbols of every functional type a ^ t (denoted by lowercase letters such as 

f,g,h,...;. 

6. The following logical constant symbols: the propositional constants and 1 of type o; 
the equality constant « of type i ^ i ^ o; the generalized disjunction and conjunction 
constants \l ^ and of type tt — )■ vr — )■ o, for every predicate type n; the generalized 
inverse implication constants of type ir ^ n o, for every predicate type tt; the 
existential quantifier 3p, of type {p o) o, for every argument type p. 

7. The abstractor A and the parentheses "{ " and ". 

The set consisting of the predicate variables and the individual variables of %, will be called 
the set o/ argument variables ofH. Argument variables will be usually denoted by V and its 
subscripted versions. 

The existential quantifier in higher-order logic is usually introduced in a different way than 
in first-order logic. So, for example, in order to express the quantification of the argument 
variable V of type p over the expression E one writes (3p (AV.E)). For simplicity, we will use 
in this paper the more familiar notation (3pV E). 

We proceed by defining the set of positive expressions of Ti: 

Definition 3.3 The set of positive expressions of the higher-order language % is recursively 
defined as follows: 

1. Every predicate variable (respectively, predicate constant) of type tt is a positive expres- 
sion of type tt; every individual variable (respectively, individual constant) of type l is a 
positive expression of type i; the propositional constants and 1 are positive expressions 
of type o. 

2. If f is an n-ary function symbol and Ei, . . . , E„ are positive expressions of type l, then 
(f El • • • E„) is a positive expression of type l. 

3. If El is a positive expression of type /? — > vr and E2 is a positive expression of type p, 
then (E1E2) is a positive expression of type n. 

4. If y is an argument variable of type p and E is a positive expression of type tt, then 
(AV.E) is a positive expression of type p ^ tt. 
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5. If El, E2 are positive expressions of type it, then (Ei /\^ E2) and (Ei \/^ E2) are positive 
expressions of type vr. 

6. If El, E2 are positive expressions of type l, then (Ei E2) is a positive expression of type 
o. 

7. IfEis an expression of type and V is an argument variable of any type p, then (3pV E) 
is a positive expression of type o. 

The notions of free and bound variables of an expression are defined as usual. An expression 
is called closed if it does not contain any free variables. 

The set of clausal expressions of H can now be specified: 

Definition 3.4 The set of clausal expressions of the higher-order language % is defined as 
follows: 

1. If 'p is a predicate constant of type vr and E is a closed positive expression of type vr then 
p -^TT E is a clausal expression of type o ofH, also called a program clause. 

2. If E is a positive expression of type o, then E (usually denoted by E or just 

E) is a clausal expression of type ofTi, also called a goal clause. 

Notice that (following the tradition of first-order logic programming) we will often talk about 
the "empty clause" which is denoted by □ and is equivalent to the propositional constant 1. 

The union of the sets of positive and clausal expressions of % will be called the set of 
expressions of %. To denote that an expression E has type r, we will often write E : r; 
additionally, we write type{E) to denote the type of expression E. Expressions of type l will be 
called terms and of type will be called formulas. We will write -i^, A and V instead of o, /\^ 
and Vo- Moreover, instead of 3p we will often write 3. When writing an expression, in order 
to avoid the excessive use of parentheses, certain usual conventions will be adopted (such as 
for example the usual priorities between logical constants, the convention that application is 
left-associative and that lambda abstraction extends as far to the right as possible, and so on). 
Given an expression E, we denote by FV{E) the set of all free variables of E. By overloading 
notation, we will also write FV{S), where S" is a set of expressions. 

Notice that in Definition 13.41 above, a goal clause may contain two types of occurrences of 
variables that serve a similar purpose, namely free argument variables and argument variables 
that are existentially quantified. From a semantic point of view, these two types of variables are 
essentially the same. However, in a later section we will distinguish them from an operational 
point of view: the free argument variables that appear in a goal are the ones for which an 
answer is sought for by the proof procedure; the argument variables that are existentially 
quantified are essentially free variables for which an answer is not sought for (something like 
the underscored variables in Prolog systems). This distinction is not an important one, and we 
could have proceeded in a different way (eg. by disallowing existentially quantified variables 
from goals). 

Definition 3.5 A program ofH is a set of program clauses ofH. 

Example 3.6 The following is a higher-order program that computes the closure of its input 
binary relation R. The type of closure is vr = (t — >■ t — ?> o) — ?> i — >■ t — ?> o. 

closure AR.AX.AY. (R X Y) 

closure AR. AX. AY. 3Z( (R X Z) A (closure R Z Y)) 
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or even more compactly: 

closure (AR.AX.AY.(R X Y) ) Vtt (AR. AX. AY.3Z((R X Z)A(closure R Z Y))) 

A possible query could be: ^ (closure R a b) (which intuitively requests for those binary 
relations such that the pair (a, b) belongs to their transitive closure). In a Prolog-like extended 
syntax, the above program would have been written as: 

closureCR, X, Y) :-R(X, Y) . 

closure(R, X, Y) :-R(X, Z) , closure(R, Z, Y) . 

and the corresponding query as <r- closure (R, a, b). I 

Example 3.7 We define a predicate ordered which checks whether its second argument (a 
list) is ordered according to its first argument (a binary relation). The type of ordered is 
7r=(<.— >-t— )-o)— >-t— >o (notice that the type of a list is also l since a list is nothing more 
than a term). In Prolog-like syntax, the program is the following: 

ordered (R, [ ] ) . 
ordered (R, [X]) . 

orderedCR, [X,Y|T]) : - R(X, Y) , ordered(R, [Y|T]). 

In the syntax of % ( slightly extended with the standard notation for lists ), the above program 
can be written as follows: 

ordered AR . AL . (L~ [ ] ) 
ordered AR.AL. (3X(Lf» [X])) 

ordered^^ AR.AL. (3X3Y3T((L«[X,Y|T])A(R X Y) A (ordered R [Y|T]))) 

Assume that we have also defined a binary relation less which succeeds if its first argument (eg. 
a natural number) is less than the second one. Then, the query ^ ordered less [1,4,7,10] 
is expected to succeed. On the other hand, the query ^ ordered R [a,b,c,d] requests for 
all binary relations under which the list [a,b,c,d] is ordered. As it will become clear in the 
subsequent sections of the paper, this is a meaningful question which can obtain a reasonable 
answer. I 



4 Algebraic Lattices 

In order to develop the semantics oiH, we first need to introduce certain lattice-theoretic con- 
cepts. As it is well-known, the standard semantics of classical (first-order) logic programming, 
is based on complete lattices (see for example |Llo87j ). As we are going to see, the development 
of the semantics of H is based on a special class of complete lattices, namely algebraic lattices 
(see for example [Gra78j ) . An algebraic lattice is a complete lattice in which every element 
can be created by using certain compact (intuitively, "simple" ) elements of the lattice. In our 
setting, these compact elements will be the ones that the proof procedure will generate in 
order to answer queries that involve uninstantiated predicate variables. We should mention 
at this point that algebraic partially ordered sets are widely used in domain theory (see for 
example |AJ94j ). 

We start by introducing some mathematical preliminaries concerning lattice theory. Since 
the bibliography on partially ordered sets is huge, certain results appear in one form or another 
in various contexts, and they are often hard to locate in the exact form needed. Proposi- 
tions 14.71 14.101 and 14.141 fall into this category; for reasons of completeness, we have included 
short proofs for them. On the other hand. Lemma 14.171 is. to our knowledge, new. We start 
with some basic definitions: 
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Definition 4.1 A set P with a binary relation Cp is called a partially ordered set or poset 
if Ep is reflexive, transitive and antisymmetric. 

Usually, the subscript P in will be omitted when it is obvious from context. 

Definition 4.2 Let P he a poset. An element x ^ P is called an upper bound for a subset 
A C P, if for every y G A, y Q x. If the set of upper bounds of A has a least element, then this 
element is called the least upper bound (or luh) of A and is denoted by \_\A. Symmetrically, 
one can define the notions of lower bound and greatest lower bound (or g\h) of A (this last 
notion denoted by\~\A). 

The following proposition (see for example |AJ94j [Proposition 2.1.4]) will prove useful later in 
the paper: 

Proposition 4.3 Let P be a poset and let A, B, {Ai)i^i be subsets of P. Then, the following 
statements hold (provided the gibs and lubs occurring in the formulas exist): 

1. A(1B implies \_\AQl\B. 

2. IfA = {j,^,Ai, then[}A = U^^I{UAi). 

Definition 4.4 Let P he a poset. A subset A of P is directed, if it is nonempty and each 
pair of elements of A has an upper bound in A. 

Definition 4.5 Let P and Q be posets. A function f : P ^ Q is called monotonic if for all 
x,y (z P with X Qp y, we have f{x) Cg f{y). The set of all monotonic functions from P to 
Q is denoted by [P ^ Q\. 

Notice that monotonicity can be generalized in the obvious way for functions / : Q, 
n > 0, since P" is also a poset (where the partial order in this case is defined in a point-wise 
way). 

We are particularly interested in one type of posets, namely complete lattices: 

Definition 4.6 A poset L in which every subset has a least upper bound and a greatest lower 
bound, is called a complete lattice. 

In fact, there is a symmetry here: the existence of all least upper bounds suffices to prove that 
a poset is indeed a complete lattice, a fact that we will freely use throughout the paper. 

Proposition 4.7 Let P be a poset, L a complete lattice and let f : P x P ^ L be a monotonic 
function. Then, UxeP,yeP fi^^v) = UxeP /(^' 

Proof. An easy proof using basic properties of posets (see for example the corresponding 
proof for domains jTenQl] [Lemma 5.3, page 92]). I 

Definition 4.8 Let L be a complete lattice. A function f : L L is called continuous if it is 
monotonic and for every directed subset A of L, we have fi\_}A) = \_}f{A). 

We will write _Ll for the greatest lower bound of a complete lattice L (called the bottom 
element of L). A very useful tool in lattice theory, is Kleene's fixpoint theorem: 
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Theorem 4.9 Let L be a complete lattice. Then, every continuous function f : L L has a 
least fixpoint lfp{f) given by lfp{f) = \_\n<w Pi^Lj- 

Let A be an arbitrary set and L be a complete lattice. Then, a partial order can be defined 
on A — )• L: for all /, 5 G ^ — )• L, we write / Ea^l 9 if for all a ^ A, f{a) g{o)- We will 
often use the following proposition: 

Proposition 4.10 Let A be a poset, L a complete lattice and let F C [A ^ L]. Then, for all 

a G A, {\_\F){a) = |J/g_F/('^) ^^'^ (n^)(o) = FI/gf/C^)- Therefore, [A ^ L] is a complete 
lattice. 



Proof. We give the proof for |J (the proof for \~\ is symmetrical). Let h (z A ^ L such that 
h{a) = U/gf /(^)' where the least upper bound is well-defined because L is a complete lattice. 
Notice that h is obviously an upper bound of F. Now let g be an arbitrary upper bound of F. 
For each a £ A, it holds that g{a) is an upper bound of {/(a) | / G F}, thus U/eF /('^) — 9(^) 
which means that h Q g. Therefore, h = \_\F. 

It remains to show that h is monotonic. Consider x,y (z A such that x Q y. For all / G -F 
we have f{x) C f{y) due to the monotonicity of /. Since |J/gF/(y) upper bound of 

{f{y) \ f ^ F}, it is also an upper bound of {/(x) \ f £ F}. Therefore, jj^^^ f{x) C \Jj,^p f{y) 
and consequently h is monotonic. I 



We will be interested in a certain type of complete lattices in which every element can be 
"created" by using a set of compact (intuitively, "simple" ) elements of the lattice: 

Definition 4.11 Let L be a complete lattice and let c £ L. Then c is called compact if for 
every A L such that cQ\_\A, there exists finite A' <^ A such that c C jj^'. The set of all 
compact elements of L is denoted by /C(L). 

We can now define the notion of algebraic lattice (see for example |Gra78| ) . which will prove 
to be the key lattice-theoretic concept applicable to our context. 

Definition 4.12 A complete lattice L is called algebraic if every element of L is the least 
upper bound of a set of compact elements of L. 

The name "algebraic lattice" is due to G. Birkhoff [Bir67] (who did not assume completeness 
at that time). In the literature, algebraic lattices are also called compactly generated lattices. 

Example 4.13 The set L = {0, 1} under the usual numerical ordering is an algebraic lattice 
withK.{L) = {0,1}. 

Let S be a set. Then, 2^ , the set of all subsets of S, forms a complete lattice under set 
inclusion. It is easy to see that this is an algebraic lattice whose compact elements are the 
finite subsets of S. I 

Let P be a poset. Given B C P and a; G P, we write P^^j = {b £ B \ b Cp x}. We have the 
following easy proposition: 

Proposition 4.14 Let L be an algebraic lattice. Then, for every x £ L, x = |J^(^)[a:]- 

Proof. Obviously it holds that [_\IC{L)[x] E x. We show that x Q [_\IC{L)[x]. By Defini- 
tion there exists A C IC{L) such that x = |Jj4. Obviously, A C }C{L)[^y Therefore, by 
Proposition 14.31 U ^ E U ^{^)[x] and consequently x C [J }C(L)[^]. I 
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Given an algebraic lattice L, the set IC{L) will be called the basis of L. If additionally, /C(L) 
is countable, then L will be called an uj-algebraic lattice. 

In the rest of this section we will define a particular class of algebraic lattices that arise 
in our semantics of higher-order logic programming. This class will be characterized by 
Lemma 14.171 that follows. We first need to define the notion of "step functions" (see for 
example [AJ94j ) which are used to build the compact elements of our algebraic lattices. 

Definition 4.15 Let A be a poset and L be an algebraic lattice. For each a A and c G IC{L), 
we define the function (a \ c) : A ^ L as 

^ >< /V / 1 J-L, otherwise 
The functions of the above form will be called the step functions of A ^ L. 

Example 4.16 Consider a non-empty set A equipped with the trivial partial order that relates 
every element of A to itself, ie., a cl for all a. Moreover, let L = {0,1} (which by 
Example \4-l^ is an algebraic lattice). Then, for every a € A, (a \ 1) is the function that 
returns 1 iff its argument is equal to a. In other words (a \ 1) is the singleton set {a}. On 
the other hand, for every a, (a \ 0) corresponds to the empty set. 

As a second example, assume that A is the set of finite subsets off^ and that L = {0,1}. 
Then, for any finite set a (z A, (a \ 1) is the function that given any finite set x such that 
X D a, {a \ l)(x) = 1. In other words, (a \ 1) is a set consisting of a and all its (finite) 
supersets. On the other hand, for every a, (a \ 0) is the function that given any finite set x, 
(a \ 0)(x) = 0, ie., it corresponds to the empty set (of sets). I 

The following lemma (which we have not seen explicitly stated before) identifies a class of 
algebraic lattices that will play the central role in the development of the semantics of higher- 
order logic programming. An important characteristic of these lattices is that they have a 
simple characterization of their basis. The proof of the lemma is given in Appendix lAl 

Lemma 4.17 Let A be a poset and L be an algebraic lattice. Then, [A ^ L] is an algebraic 
lattice whose basis is the set of all least upper bounds of finitely many step functions from 
A to L. If, additionally, A is countable and L is an oj-algebraic lattice then [A ^ L] is an 
oj-algebraic lattice. 

We can now outline the reasons why algebraic lattices play such an important role in our 
context. As we have already mentioned, one of the contributions of the paper is that it al- 
lows the treatment of queries with uninstantiated predicate variables. The results of [Wad91| 
indicate that (due to continuity), if a relation satisfies a predicate, then some "finite repre- 
sentative" of this relation also satisfies it. This gives the idea of defining a semantics which 
makes these "finite representatives" more explicit. Intuitively, these finite representatives are 
the compact elements of an algebraic lattice. From an operational point of view, restricting 
attention to the compact elements allows us to answer queries with uninstantiated variables: 
if the set of compact elements is enumerable then we can try them one by one examining in 
each case whether the query is satisfied. 

More formally, since our lattices are algebraic and satisfy the conditions of Lemma 14.171 
we have a relatively easy characterization of their sets of compact elements (as suggested 
by Lemma I4.17p . Moreover, as we are going to see, if we restrict attention to Herbrand 
interpretations (see Section [6|) , then the lattices that we have to consider are all w-algebraic 
and therefore their sets of compact elements are countable. For these lattices it turns out that 
we can devise an effective procedure for enumerating their compact elements which leads us 
to an effective proof procedure for our higher-order language. 
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5 The Semantics of 1-L 



The semantics of % is built upon the notion of algebraic lattice. Recah that an algebraic 
lattice is a complete lattice L with the additional property that every element x of L is the 
least upper bound of /C(L)j^]. 

5.1 The Semantics of Types 

Before specifying the semantics of expressions of % we need to provide the set-theoretic mean- 
ing of the types of expressions of T-L with respect to a set D (where D is later going to be the 
domain of our interpretations). The fact that a given type r denotes a set [t]^, will mean that 
an expression of type r denotes an element of \t\j^. In other words, the semantics of types 
help us understand what are the meanings of the expressions of our language. In the following 
definition we define simultaneously and recursively two things: the semantics [t]^ of a type 
r and the corresponding partial order EtH. 

Definition 5.1 Let D he a non-empty set. Then: 

• [ijj-, = D, and is the trivial partial order such that d d, for all d & D. 

• I'-" ^ '•l/j = D. A partial order for this case will not he needed. 

• |o]jj = {0, 1}, and is the partial order defined by the numerical ordering on {0, 1}. 

• |t — )■ vrj^, = !)—)• [vrj^,, and Qi^-^ is the partial order defined as follows: for all f,g(z 
{l tt}^, f g if and only if f{d) g{d), for all de D. 

d) ~^ ['''"sId]; and C7rn-7r2 is the partial order defined as follows: 
for all f,g e {tti 7r2]^, / E7ri->7r2 9 if and only if f{d) g{d), for all d € /C([7ri|^). 

It is not immediately obvious that the last case in the above definition is well-defined. 
More specifically, in order for the quantity /C(|7ri]j^) to make sense, Itti]^ must be a complete 
lattice. This is ensured by the following lemma: 

Lemma 5.2 Let D he a non-empty set. Then, for every tt, |vr]^ is an algehraic lattice (co- 
algebraic if D is countable). 

Proof. The proof is by a simple induction on the structure of vr. The basis case is for vr = o 
and holds trivially (see Example I4.13p . For the induction step, we distinguish two cases. 
The first case is for n = l ^ tti. Then, |t '^iJd = D ^ ['''"iId- Notice now that D is 
partially ordered by the trivial partial order C^, and it holds that D — > IttiJ^, = [D ^ I'^iJd] 
(monotonicity is trivial in this case). By the induction hypothesis and Lemma 14.171 it follows 
that [ttJ^, is an algebraic lattice (w-algebraic if D is countable). The second case is for vr = 
TTi — >■ 7r2, and the result follows by the induction hypothesis and Lemma [4. 171 I 

The following definition gives us a convenient shorthand when we want to refer to an object 
that is either a compact element or a member of the domain D of our interpretations. This 
shorthand will be used in various places of the paper. 

■^Notice that we are writing Ct instead of the more accurate !^|^| • In the following, for brevity reasons we 
will often use the former (simpler) notation. Similarly, we will often write -L-n- instead of -Lf^i • 
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Definition 5.3 Let D be a non-empty set and let p be an argument type. Define: 

-c (^\_ \ ifp = i 

-^DKP) <^ /C(|/o]^), otherwise 

The set J^d{p) will be called the set of basic elements of type p (with respect to the set D). 

Example 5.4 Consider the type l o (a first-order predicate with one argument has this 
type). By Definition \5.1l {l o]^, is the set of all functions from D to {0, 1} (or equivalently, 
of arbitrary subsets of D). 

As a second example, consider the type (l ^ a) ^ o. This is the type of a predicate 
which takes as its only parameter another predicate which is first-order; for example, p in 
Example \2.1\ has this type. Then, it can be verified using Lemma \4-l'T\ and Example \4-i6\ that 
the set /C(|i o]^,) is the set of all finite functions from D to {0, 1} (or equivalently, of finite 
subsets of D). By Definition \5.1{ \{i — )■ o) — )• o]^, is the set of all monotonic functions from 
finite subsets of D (ie., elements of K,{\i — ?> o]^)j to {0,1}. In other words, in the semantics 
of Ti, a predicate of type {t ^ o) ^ a will denote a monotonic function from finite subsets 
of D to {0,1}. The role that monotonicity plays in this context can be intuitively explained 
by considering again Example \2.1\ if p is true of a finite set, then this set must contain both 
and s(0). But then, p will also be true for every superset of this set (since every superset 
also contains both and s(0) ). As we are going to see, the meaning of all the higher-order 
predicates that are defined in a program will possess the monotonicity property. I 

It should be noted at this point that the semantics of types of our language is in some sense a 
finitary version of the one given in |Wad91j , where the denotation of a type of the form vri — )• 7r2 
is the set of all continuous functions from the denotation of tti to the denotation of (more 
details on the connections between the two approaches will be given in Section [5.3p . Notice 
now that in our interpretation of types, only monotonicity is required; actually, continuity is 
not applicable in our interpretation: given a type vri tt2, it would be meaningless to talk 
about the continuous functions from /C(|vri]^) to \tt'2\j^ because /C([7ri]^) is not in general a 
complete lattic^ as required by the definition of continuity. However, as we are going to see, 
monotonicity suffices in order to establish that the immediate consequence operator of every 
program is continuous (Lemma 16. lOp and therefore has a least fixed-point. 

As a last remark, we should mention that the interpretation of types given in Definition l5.1l 
does not apply to the inverse implication operator of T-i, whose denotation is not monotonic 
(for example, notice that negation can be implicitly defined with the use of implication). 
However, since the use of -^tt is not allowed inside positive expressions, the non-monotonicity 
of -^TT does not create any semantic problems. 

5.2 The Semantics of Expressions 

We can now proceed to give meaning to the expressions of T-L. This is performed by first 
defining the notions of interpretation and state for T-L: 

Definition 5.5 An interpretation lofTi consists of: 

1. a nonempty set D, called the domain of I 

2. an assignment to each individual constant symbol c, of an element /(c) G D 

^To see this, take tti = t — > o and let D be an infinite set. Then, K.{\b — >■ o]^) consists of all finite subsets 
of D and is not a complete lattice (since the least upper bound of a set of finite sets can itself be infinite) . 
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3. an assignment to each predicate constant p of type vr, of an element /(p) € IttJ^, 



4. an assignment to each function symbol f of type —>■/-, of a function /(f) E Z?" — )■ D. 

Definition 5.6 Let D be a nonempty set. Then, a state s of Ti over D is a function that 
assigns to each argument variable V of type p of H an element s(V) € Td{p)- 

In the following, s\d/\/] is used to denote a state tliat is identical to s the only difference 
being that the new state assigns to V the value d. 

Before we proceed to formally define the semantics of expressions oi H, a short discussion 
on the semantics of application is needed. The key technical difficulty we have to confront 
can be explained by reconsidering Example 12.11 in the more formal context that we have now 
developed. 

Example 5.7 Consider again the program from Example \2.1[ 

p(Q):-Q(0),Q(s(0)). 
iiat(O) . 

nat(s(X)) :-nat(X) . 

Consider also the query p(nat). The type of is (i — )• o) — > a, while the type 0/ nat is 
L ^ o. Let L be an interpretation with underlying domain D. Then, according to Definition \5.5l 
/(p) must be a monotonic function from /C(|i ^Jd) {Oil}- Moreover, according to 
Example \5.4[ J'oi^' — ^ o) consists of all the finite sets of elements of D. But /(nat) is a 
member of \l — ?> o]^, and can therefore be an infinite set. How can we apply /(p) to /(nat)? 
To overcome this problem, observe that in order for the predicate p to succeed for its argument 
Q, it only has to examine a "finite number of facts" about Q (namely whether Q is true of 
and s(0)J. This remark suggests that the meaning o/p(nat) can be established following a 
non-standard interpretation of application: we apply /(p) to all the "finite approximations" 
of L (nat), ie., to all elements 0/ /C(|z. o]£,)[7(jiat)]; (^''t-^ then take the least upper bound of 
the results. Notice that our approach heavily relies on the fact that our semantic domains are 
algebraic lattices: every element of such a lattice (like /(nat) in our example) is the least upper 
bound of the compact elements of the lattice that are below it (the finite subsets o//(nat) in 
our case). I 

We can now proceed to present the semantics of H: 

Definition 5.8 Let I be an interpretation ofH, let D be the domain of L, and let s be a state 
over D. Then, the semantics of expressions ofH with respect to / and s, is defined as follows: 

1- [0L(/) = 

2. [iL(/) = 1 

3. |c]^(/) = /(c), for every individual constant c 

4. [p1s(/) = -^(p), for every predicate constant p 

5. [V]^(/) = s(V), for every argument variable V 

6. [(f El • • • E„)]^(/) = /(f) [Ei]^(/) • • • |E„]^(/), for every n-ary function symbol f 

7. [(EiE2)L(/) = UeB([EiL(/)(6)), where B = TD{type{E2))^^^^^^^,^^ 

8. |(AV.E)1^(/) = Ad.[E]^[^/v]W> where d ranges over Foitypeiy)) 
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9. [(El E2)l3(/) = UttIIEiLW, [E2]g(/)}, where is the least upper bound function 



on TT 



D 



10. |(Ei E2)\g{I) = n7r{lEils(-^), IE2ls(-^)}, where \~\^ is the greatest lower hound function 
on |7r] 



11. [(Ei«E2)L(/) : 

12. [(3VE)l,(/) = 

13. I(p E)l,(/) 
U. E)l,(/) = 



1, ^/IEll,(I) = [E2L(I) 
0, otherwise 

1, if there exists d € TD{type{\/)) such that [E]gj^^y](/) = 1 

0, otherwise 

1, z/[EL(/)C^/(p) 
0, otherwise 

1, ^/[EL(/)=0 
0, otherwise 



For closed expressions E we will often write |E](/) instead of |E]^(/) (since, in this case, 
the meaning of E is independent of s). 

We need to demonstrate that the semantic valuation function [•] assigns to every expression 
of H an element of the corresponding semantic domain. More formally, we need to establish 
that for every interpretation / with domain D, for every state s over D and for all expressions 
E : /9, it holds that |E]^(/) S IpId- In order to prove this, the following definition is needed: 

Definition 5.9 Let 5-^._d be the set of states of H over the nonempty set D. We define the 
following partial order on Sy^^o'- for all si,S2 € S-j-i^d, -si E<S« d -52 iff for every argument 
variable V-.pofH, si(V) Qp S2(V). 

The following lemma states that Definition 15.81 assigns to expressions elements of the cor- 
responding semantic domain. Notice that in order to establish this, we must also prove si- 
multaneously that the meaning of positive expressions is monotonic with respect to states. 



Lemma 5.10 Let E : p be an expression of Ti and let D be a nonempty set. Moreover, let 
s,si,S2 be states over D and let L be an interpretation over D. Then: 

1. [EL(/) G Ipj^. 

2. IfE is positive and si Qsn,D ^2 then |E]^^(/) Cp [El^2(/). 

The proof of the lemma is given in Appendix iBl 

We can now define the important notion of a model of a set of formulas: 

Definition 5.11 Let S be a set of formulas of % and let L be an interpretation ofH. We 
say that L is a model of S if for every F S S" and for every state s over the domain of L , 

WUi) = 1- 

We close this section with the definitions of the notions of unsatisfiability and of logical con- 
sequence of a set of formulas. 

Definition 5.12 Let S be a set of formulas of 7i. We say that S is unsatisfiable if no 
interpretation ofH is a model for S. 

Definition 5.13 Let S be a set of formulas and F a formula ofH. We say that f is a logical 
consequence of S if, for every interpretation I of %, L is a model of S implies that L is a 
model of F. 
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5.3 A Comparison with the Continuous Semantics 

In this subsection we give a brief comparison of the proposed semantics with the semantics 
introduced in |Wad91] . A complete presentation of such a comparison would require a detailed 
presentation of the approach introduced in |Wad91j and its adaptation to the richer language 
H introduced in this paper. We avoid such an extensive comparison by outlining the main 
points in an intuitive way. 

As already mentioned, the source language considered in |Wad91] is restricted compared 
to Ti. However, the semantics of [WadQlj can be appropriately extended to apply to Ti as 
well. Given a non-empty set D, let us denote by [p]^ the semantics of an argument type p in 
D under the approach of |Wad91| . Then, the semantics of types is defined as follows: 

• Md = D. 

. [ol^ = {0,l}. 

where by [A A B] we denote the set of continuous functions from A to B. The corresponding 
partial orders can be easily defined as in Definition 15.11 The semantics of expressions can be 
defined in an analogous way as in Definition 15. 81 the main difference being that the semantics of 
application is the standard one. Roughly speaking, one can say that the semantics of |Wad91| 
is the logic programming analogue of the standard denotational semantics of functional pro- 
gramming languages [Ten91| . In the following, we will refer to the semantics of jWad91] as 
the "continuous semantics" . 

It is relatively easy to show that for every argument type p ofTi there is a bijection between 
the sets Ipjj^ and Similarly, there is a bijection between the set of interpretations of 

Ti under the proposed semantics and the set of interpretations of H under the continuous 
semantics. Then, the following proposition can be established: 

Proposition 5.14 Let P be a program and let f be a formula of %. Then, f is a logical 
consequence of P under the proposed semantics iff P is a logical consequence of P under the 
continuous semantics. 

In other words, the two semantics, despite their differences, are closely related. The key 
advantage of the proposed semantics is that it is much closer to the SLD-resolution proof 
procedure that will be introduced in Section [71 More specifically: 

• The compact elements of our algebraic lattices correspond to the basic expressions that 
are a vital characteristic of the proposed proof procedure (see Subsection 17. ip . 

• The notion of answer and correct answer for a query (see Definitions 17.161 and I7.17P can 
now be accurately defined. Notice that the notion of correct answer must be quite close 
to that of computed answer in order to be able to state the main completeness theorem. 

In conclusion, the proposed semantics allows us to define an SLD-resolution proof procedure 
and it helps us formalize and prove its completeness. It is unclear to us whether (and how) 
this could have been accomplished by relying on the continuous semantics. 
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6 Minimum Herbrand Model Semantics 



Herbrand interpretations constitute a special form of interpretations that have proven to be a 
cornerstone of first-order logic programming. Analogously, we have: 

Definition 6.1 The Herbrand universe C/-^ ofH is the set of all terms that can be formed out 
of the individual constants and the function symbols ofH. 

Definition 6.2 A Herbrand interpretation I ofH is an interpretation such that: 

1. The domain of I is the Herbrand universe ofH. 

2. For every individual constant c, /(c) = c. 

3. For every predicate constant p of type tt, /(p) € [■^]{/^- 

4- For every n-ary function symbol f and all terms ti, . . . , t„ of 11%, /(f) ti • • • t„ = f ti • • • t„. 



Since all Herbrand interpretations have the same underlying domain, we will often refer to 
a "Herbrand state s", meaning a state whose underlying domain is U-^. As it is a standard 
practice in logic programming, we will often refer to an "interpretation of a set of formulas 
5" rather than of the underlying language H. In this case, we will implicitly assume that 
the set of individual constants and function symbols are those that appear in S. Under this 
assumption, we will often talk about the "Herbrand universe Us of a set of formulas S"' . 

We should also note that since the Herbrand universe is a countable set, by Lemma 15.21 
for every predicate type vr, [ttJ^/^ is an cj-algebraic lattice (ie., it has a countable basis). 

We can now proceed to examine properties of Herbrand interpretations. In the following 
we denote the set of Herbrand interpretations of a program P with Xp . 

Definition 6.3 Let P be a program. We define the following partial order on Xp: for all 
/, J € Zp, / Ejp J iff for every vr and for every predicate constant p : vr of P, /(p) J{9)- 



Lemma 6.4 Let P be a program and letX C Xp. Then, for every predicate p ofP, (|J/^)(p) = 
U/ex^(P) ^'^^ (n^)(p) = n/GX-^(P)- Therefore, Xp is a complete lattice under Cjp. 

Proof. We give the proof for |J; the proof for \~\ is symmetrical and omitted. Let J € Xp 
such that for every p : vr in P, J(p) = |J/gx-^(p)- Notice that |J/ex-^(P) well-defined since 
Ivrjjjp is a complete lattice. Notice also that J is an upper-bound for X because for every / € Z, 
/ J. Let J' be an arbitrary upper bound of X. Then, for every p : vr, it holds that J'(p) 
is an upper bound of {/(p) | / G X}, and therefore |J/eX-^(P) —'^ ^'(p)' which implies that 
J Ejp J'. ■ 

In the following we denote with _Lip the greatest lower bound of Xp, ie., the interpretation 
which for every vr, assigns to each predicate p : vr of P the element ±7^- 

The properties of monotonicity and continuity of the semantic valuation function will prove 
vital: 



Lemma 6.5 (Monotonicity of Semantics) Let P be a program and let E : p be a positive 
expression of P . Let I, J be Herbrand interpretations and s a Herbrand state of P. If L Qxp J 
then lEUl) [EL(J). 

The proof of the lemma is given in Appendix [Cl 
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Lemma 6.6 (Continuity of Semantics) Let P be a program and let E be a positive expres- 
sion of P. Let Z be a directed set of Herbrand interpretations and s a Herbrand state of P. 
Then, IEL(UX) = U,,jIEL(/). 

The proof of the lemma is given in Appendix iDl 

An the basic properties of first-order logic programming extend naturally to the higher- 
order case: 

Theorem 6.7 (Model Intersection Theorem) Let P be a program and M a non-empty 
set of Herbrand models of P. Then, \~\A4 is a Herbrand model for P. 

Proof. By Lemma 16.41 is well-defined. Assume that ^ model for P. 

Then, there exists a rule p -^tt E in P and 6i,...,6„ of the appropriate types such that 
(nA^)(p) bi---bn = while lEj{\~\ M) bi ■ ■ ■ bn = 1. Since for every M e M we have 
PI E M, using Lemma [631 we conclude that for all M € M, [E](M) 6i • • • 6„ = 1. Moreover, 
since (fl A^)(p) • • • = 0, by Lemma [Ol we get that (fl A^(p)) bi ■ ■ - bn = 0. By Proposi- 
tion HJO] we conclude that for some M £ M{p) 6i ■ ■ ■ 6„ = 0. But then there exists M £ A4 
that does not satisfy the rule p -^tt E, and therefore is not a model of P (contradiction). I 

It is straightforward to check that every higher-order program P has at least one Herbrand 
model /, namely the one which for every predicate constant p of P and for all basic elements 
bi, . . . ,bn of the appropriate types, /(p) 6i • • • 6„ = 1. Notice that this model generalizes the 
familiar idea of "Herbrand Base" that is used in the theory of first-order logic programming. 

Since the set of models of a higher-order logic program is non-empty, the intersection {gib) 
of all Herbrand models is well-defined, and by the above theorem is a model of the program. 
We will denote this model by Mp. 

Definition 6.8 Let P be a program. The mapping Tp : Ip — > Zp is defined as follows for every 
p : TT in P and for every I £ Zp: 

Tp{I){p)= U [El(/) 
(p<-^e)gp 

The mapping Tp will be called the immediate consequence operator for P. 
The fact that Tp is well-defined is verified by the following lemma: 

Lemma 6.9 Let P be a program and let p : tt be a predicate constant of P. Then, for every 
l£Zp,Tp{I){p)£M^^. 

Proof. The result follows directly by the definition of Tp, Lemma 15.101 and the fact that 
Ivrjjjp is a complete lattice. I 

The key property of Tp is that it is continuous: 

Lemma 6.10 Let P be a program. Then the mapping Tp is continuous. 

Proof. Straightforward using Lemma 16.61 I 

The following property of Tp generalizes the corresponding well-known property from first- 
order logic programming: 



18 



Lemma 6.11 Let P be a program and let I E Ip. Then I is a model of P if and only if 
Tp{I) Exp /. 



Proof. An interpretation / G Xp is a model of P iff [E](/) /(p) for every clause p E 
in P iff U(p^^E)eP im) /(p) iff rp(/)(p) /(p). I 

Define now the following sequence of interpretations: 

TptO = ±xp 

Tpt(n + 1) = rp(Tptn) 

Tp t w = |J{rp t n I n < a;} 

We have the following theorem (which is entirely analogous to the one for the first-order case): 
Theorem 6.12 Let? he a program. Then Mp = lfp{Tp) = Tp t w. 

Proof. Using exactly the same reasoning as in the first-order case (see for example the 
corresponding proof in |Llo87] ) . I 

7 Proof Procedure 

In this section we propose a sound and complete proof-procedure for %. One important aspect 
we initially have to resolve, is how to represent basic elements (see Definition l5.3p in our source 
language. In the following subsection we introduce a class of positive expressions, namely basic 
expressions, which are the syntactic analogues of basic elements. Basic expressions will be used 
in order to formalize the notion of answer (to a given query) as-well-as in our development of 
the SLD-resolution for T-L. 

7.1 Basic Expressions 

As we have already seen, basic elements have played an important role in the development of 
the semantics of our higher-order logic programming language. In order to devise a sound and 
complete proof procedure for our language, we first need to find a syntactic representation for 
basic elements. Since the definition of basic elements uses the operator C (see Lemma 14.171 
Definition 14.151 and Definition 15. 3p . it is not immediately obvious how one can construct a 
positive expression whose meaning coincides with a given basic element. Basic expressions 
introduced below, solve this apparent difficulty: 

Definition 7.1 The set of basic expressions of % is recursively defined as follows. Every 
expression ofH of type l is a basic expression of type l. Every predicate variable ofH of type 
TV is a basic expression of type tt. The propositional constants and 1 are basic expressions of 
type 0. A non-empty finite union of expressions each one of which has the following form, is 
a basic expression of type pi ^ p„. o (where Vi : pi, . . . , V„ : pn): 

1. AVi.---AV„.0 

2. AVi. • • • AVn.(Ai A • • • A kri), where each Ai is either 

(a) (Vj ~ Bj), if\/i : l and Bi : l is a basic expression where \/j FV{Bi) for all j, or 

(b) the constant 1 orVi, if Mi : o, or 
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(c) the constant 1 or Vj(Bii) • • • (Bi^) A • • • A Vj(Bmi) ■ ■ ■ {^mr), m > 0, iftype(y.i) l^o 
and the Bm's are basic expressions of the appropriate types, where \/j FV{Bki) 
for all j, k, I. 

The Bj and B^i above will be called the basic subexpressions of B. 
The following example illustrates the ideas behind the above definition. 
Example 7.2 We consider various cases of the above definition: 

• The terms a, f (a,b), X and f (X,h(Y)), are basic expressions of type l. 

• Assume X : p. Then, AX.O is a basic expression of type p ^ a. Intuitively, it corresponds 
to the basic element -Lp-i.o- 

• Assume X : l. Then, AX.(X~a) is a basic expression of type i o. Intuitively, it 
corresponds to the basic element (a \ l) or more simply to the finite set {a}. 

• Assume X : l and Y : l. Then, AX. AY. (X~a) A(Y~b) is a basic expression of type 
L L o. Intuitively, it corresponds to the basic element (a \ (b \ l)) or more simply 
to the singleton binary relation {(a, b)}. 

• Assume X : l. Then, (AX. (X?aa)) \/^_^^{XX. (Xssb)) is a basic expression of type i ^ o. 
It corresponds to the basic element LIII^l \ '^)-,{^ \ 1)}; or more simply to the finite 
set {a, b}. 

• Assume Q : t ^ o. Then, AQ. (Q(a) AQ(b))zs a basic expression of type [l ^ o) ^ a. 
Intuitively, it corresponds to the basic element (|J{(a \ 1), (b \ 1)}) \, 1. More simply, 
it corresponds to the set of all finite sets that contain both a and b. 

I 

The proof procedure that will be developed later in this section, relies on a special form of 
basic expressions: 

Definition 7.3 The set of basic templates of T-L is the subset of the set of basic expressions 
of % defined as follows: 

• The propositional constants and 1 are basic templates. 

• Every non-empty finite union of basic expressions (of the form presented in items 1 and 
2 of Definition \7.1^ in which all the basic subexpressions involved are distinct variables, 
is a basic template. 

The variables mentioned above, will be called template variables. 

Example 7.4 Assume in the following expressions that X, Y, Z,W : l, Q,Qi,Q2 : t — )■ o and 
R :((/-—)• o) —)• o) —)• o. The expression AX.(X~Z) is a basic template of type t o. 
The expression AX. AY. (X~Z) A(Y~W) is a basic template of type l ^ l ^ a; the template 
variables in this case are Z andV. The expression AQ. (Q (Z) AQ(W) ) is a basic template of type 
{i ^ a) ^ with template variables Z and W. The expression AR. (R(Qi) AR(Q2) ) is a basic 
template of type {{l o) ^ o) ^ o with template variables Qi and Q2- I 
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Notice from the above example that the structure of basic templates is in general much simpler 
than that of basic expressions (due to the fact that a template variable can represent an 
arbitrary basic expression of the same type). For this reason, basic templates are much simpler 
to enumerate than arbitrary basic expressions. 

The following two lemmas establish the connections between basic elements and basic 
expressions. 

Lemma 7.5 For every basic expression B : p, for every Herbrand interpretation I ofTi, and 
for every Herbrand state s, [B]g(I) € Tu^{p). 

Proof. The proof is by induction on the type of B. The basis case is for basic expressions of 
type L and a and holds trivially. We demonstrate that the lemma holds for basic expressions 
of type /O = /9i —)••••—)• p„ —>• o, assuming that it holds for all basic expressions that have 
simpler types than p. If the basic expression is a predicate variable, the result is immediate; 
otherwise, we have to distinguish the following cases: 

Case 1: B = AVi. • • • AV„.0. Then, the corresponding basic element in Fu^[p) is the bottom 
element of type pi ^ > pn ^ o (ie., _Lpi^...^p„_^o)- 

Case 2: B = AVi. • • • AV„.(Ai A • • • AAn). Then, the corresponding basic element is the element 
^1 \ (&2 \ • • • \ (^n \ 1) • • • )) where the hi are defined as follows: 

• If Vj : L, then by Definition [TH Aj = (Vj « Bj). In this case, hi = [Bi]^(/). 

• If Vj : o then Aj is either equal to 1 or to Vf, in the former case bi = and in the latter 
case bi = 1. 

• If Vj is of any other type then Aj is either equal to 1 or to Vj(Bii) • • • (Bi^) A • • • A 
Vj(Bmi) • • • (Bmr)) where m > 0. In the former case it is 6j = 0; in the latter case 
h = Ui<,<..(IB,iL(/) \ (IB,2L(/) \ • • • \ (IB,.L(/) \ 1) • • • ))• 

Case 3: B is a finite union of lambda abstractions. Then, for each term of the finite union we 
can create (as above) a basic element. By taking the finite union of these elements, we create 
the basic element that corresponds to B. 

It can be easily verified that for every basic expression B, |B]^(/) coincides with the cor- 
responding basic element defined as above. I 

The converse of the above lemma holds, as the following lemma demonstrates. 

Lemma 7.6 Let p be any argument type and let b G J^u^{p). Then, there exists a closed basic 
expression B : p such that for every Herbrand interpretation I, |B|(/) = b. 

Proof. The proof is by induction on the structure of argument types. The basis case is for 
argument types l and o, and holds trivially. We demonstrate that the lemma holds for type 
p = pi ^ ■ ■ ■ ^ Pn ^ o, assuming that it holds for all subtypes of p. Assume now that 6 is a 
basic element of type p, consisting of a finite union of step functions. 

If the union is empty, then B = AVi. • • • AV„.0. Assume now that the union is non-empty. 
Then, the basic expression corresponding to b will simply be the union of the basic expressions 
corresponding to the step functions that comprise b. 

Let ^1 \ (&2 \ • • • \ (&n \ 1) • • • ) be one of the step functions that constitute b. We 
create the basic expression: B = AVi. • • • AV„.(Ai A • • • A„) where each Aj can be created as 
follows: 
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• If bi is of type l and bi = t G U^u, then Aj = (Vj ^ t). 

• If bi is of type o and 6^ = 0, then Aj = 1. 

• If bi is of type o and 6j = 1, then Aj = 0. 

• Otherwise, bi is a finite union of m > basic elements of the form bji \ (bj2 \ • • • Nj 
{bjr \ I)---), 1 < j < m. Then, A^ = V,(Bii) • • • (Bi,) A • • • A Vi(B^i) • • • (B„,), 
where Bji, . . . , Bjm are the expressions that correspond (by the induction hypothesis) to 
bji, . . . , bjui' 

It is easy to verify that the resulting basic expression B satisfies [B](/) = b. I 

The above two lemmas suggest that basic expressions are the syntactic analogues of basic 
elements. 

7.2 Substitutions and Unifiers 

Substitutions are vital in the development of the proof procedure for T-L: 

Definition 7.7 A substitution 6 is a finite set of the form {Vi/Ei, . . . , V„/E„}, where the Vj 's 
are different argument variables of H and each Ej is a positive expression of % having the same 
type as Vj. We write dom{6) = {Vi, . . . , V„} and range{9) = {Ei, . . . , E„}. A substitution is 
called basic if all Ej are basic expressions. A substitution is called zero-order, if type{\/i) = t, 
for all z G {1, . . . ,n} (notice that every zero-order substitution is also basic). The substitution 
corresponding to the empty set will be called the identity substitution and will be denoted by e. 

We are now ready to define what it means to apply a substitution 6 to an expression E. Such 
definitions are usually complicated by the fact that one has to often rename the bound variable 
before applying 6 to the body of a lambda abstraction. In order to simplify matters, we follow 
the simple approach suggested in |Bar84| [pages 26-27], which consists of the following two 
conventions: 

• The a-congruence convention: Expressions that are a-congruent will be considered 
identical (expression Ei is a-congruent with expression E2 if E2 results from Ei by a 
series of changes of bound variables). For example, AQ.QCa) is a-congruent to AR.R(a). 

• The variable convention: If expressions Ei, . . . , E„ occur in a certain mathematical 
context (eg., definition, proof), then in these expressions all bound variables are chosen 
to be different from the free variables. 

Using the variable convention, we have the following simple definition: 

Definition 7.8 Let 6 be a substitution and let E be a positive expression. Then, E0 is an 
expression obtained from E as follows: 

• E9 = E, if E is 0, 1, c, or p. 

m V9 = 6i(V) i/V G dom{9); otherwise, = V. 

. (f Ei---E„)0 = (f Ei0---E„e). 

. {E^E2)9 = {E^9E2e). 

• (AV.Ei)^ = (AV.(Ei0)). 
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. (E,A.E2)^ = (E,0A.E20). 
. (E, «E2)^ = (E,0«E20). 
. (3VEi)0 = (3V(Ei0)). 

Notice that in the case of lambda abstraction (and similarly in the case of existential 
quantification), it is not needed to say "provided V ^ FV{range{6)) and V dom{9y\ By 
the variable convention this is the case. 

Definition 7.9 Let = {Vi/Ei, . . . ,Vm/Em} and a = {V'^/E'^^, . . . , V^/E^} he substitutions. 
Then the composition 6a of 6 and a is the substitution obtained from the set 

{Vi/Eia, . . . , V„/E^a, V'^/E;, . . . , V^/E^ 
by deleting any Vi/Eia for which Vj = EjO" and deleting any V^/E^- for which V'j € {Vi, . . . , V^}- 
The following proposition is easy to establish: 
Proposition 7.10 Let 9, a and ^ be substitutions. Then: 

1. ee = ee = e. 

2. For all positive expressions E, (E0)(T = E(0cr). 

3. {ea)-f = 9{a-/). 

We will use the notions of unifier and most general unifier, which in our case have exactly the 
same meaning as in the case of classical (first-order) logic programming: 

Definition 7.11 Let S be a set of terms of % (ie., expressions of type l). A zero-order 
substitution 6 will be called a unifier of the expressions in S if the set 5"^ = {E0 | E G S*} is a 
singleton. The substitution 9 will be called a most general unifier of S (denoted by mgu{S)), 
if for every unifier a of the expressions in S, there exists a zero-order substitution 7 such that 
a = 9"f. 

We now have the following Substitution Lemma (see for example [Ten91j for a corresponding 
lemma in the case of functional programming). The Substitution Lemma shows that given a 
basic substitution 9, the meaning of E0 is that of E in a certain state definable from 9. The 
lemma will be later used in the proof of soundness of the proposed proof procedure. 

Lemma 7.12 (Substitution Lemma) Let P he a program, let L be an interpretation of P 
and let s be a state over the domain of L. Let 9 be a basic substitution and E he a positive 
expression. Then, IE0],(/) = [E],,(I), where s'(V) = |0(V)1,(I) i/ V G dom{9) and s'(V) = 
s(V), otherwise. 

Proof. By structural induction on E. I 

The following lemmas, that also involve the notion of substitution, can be easily demonstrated 
and will prove useful in the sequel. 

Lemma 7.13 Let 9i, . . . ,9n be basic substitutions. Then, 9i - ■ ■9n is also a basic substitution. 
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Proof. By induction on n and using Definitions 17.11 and 17. 9i I 

Lemma 7.14 Let P be a program, let I be an interpretation of P and let s be a state over the 
domain of I. Let AV.Ei and E2 be positive expressions of type p — >■ tt and p respectively. Then, 
[(AV.Ei)E2L(/) = [Ei{V/E2}L(/). 

Proof. By structural induction on Ei. I 

Lemma 7.15 Let P be a program, I a Herhrand interpretation of P and s a Herbrand state. 
Let E be a positive expression. Then, there exists a basic substitution 6 such that [E]^(/) = 
|E0]g,(/) for every Herbrand state s' . 

Proof. Define 9 such that if V G FV{E), 9{\/) = B, where B is a closed basic expression such 
that |B](/) = s(V) (the existence of such a B is ensured by Lemma l7.6p . The lemma follows 
by a structural induction on E. I 

It is important to note that in the rest of the paper, the substitutions that we will use will be 
basic ones (unless otherwise stated). Actually, the only place where a non-basic substitution 
will be needed, is when we perform a ^-reduction step (see for example the rule for A in the 
forthcoming Definition I7.18P . 

7.3 SLD-Resolution 

We now proceed to define the notions of answer and correct answer. 

Definition 7.16 Let P be a program and G a goal. An answer for PU{G} is a basic substitution 
for (certain of the) free variables of G. 

Definition 7.17 Let P be a program, G =-<r- A a goal clause and an answer for P U {G}. 
We say that 9 is a correct answer for P U {G} if for every model M of P and for every state 
s over the domain of M , [A6']^(M) = 1. 

Definition 7.18 Let P be a program and let G A and G' A' be goal clauses. Then, 
we say that A' is derived in one step from A using basic substitution 9 (or equivalently that 

G' is derived in one step from G using 9), and we denote this fact by A —?■ A' (respectively, 

G G') if one of the following conditions applies: 

1. p El • • • E^ A E El • • • E„, where p 7^ E is a rule in P. 

2. Q El • • • E„ — )• (Q El • • • En)9, where 9 = {Q/B^} and B^ a basic template. 

3. (AV.E) Ei---E„ A(E{V/Ei})E2---E„. 

4. (E'V.E") Ei...E„ AE' Ei-.-E,. 

5. (E'V^E") Ei...E„ AE" Ei-.-E,. 

6. (E' E") El • • • E„ A (E' El • • • E„) A (E" Ei • • • E„), where vr ^ o. 

7. (E1AE2) A(e;a(E20)), «/Ei Ae;. 
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8. (El A Ea) A ((Ei^) A E'a), z/Ea AE^. 

9. (□ A E) A E 

10. (E A □) A E 

11. (El ~ E2) where 6 is an mgu of Ei and E2. 

12. (3V E) A E 

Moreover, we write A ^ A' if A = Aq % Ai % ■■■ % = A' , n > 1, where 9 = 61 ■ ■ ■ 9n ( and 
similarly for G G'). 

Definition 7.19 Let P be a program and G a goal. An SLD-derivation o/PU{G} is a (finite or 
infinite) sequence Go = G, Gi, . . . of goals and a sequence 6i,92, . . . of basic substitutions such 
that each Gj+i is derived in one step from Gi using ^j+i. Moreover, for all i, if Oi = {V/B^}, 
then the free variables of Bt are disjoint from all the variables that have already appeared in 
the derivation up to Gi-i. 

Definition 7.20 Let P be a program and G a goal. Assume that P U {G} has a finite SLD- 
derivation Go = G, Gi, . . . , G„ with basic substitutions 9i, . . . , 9n, such that G„ = □. Then, we 
will say that P U {G} has an SLD-refutation of length n using basic substitution 9 = 9i ■ ■ ■ 9n. 

Definition 7.21 Let P be a program, G a goal and assume that Pu{G} has an SLD-refutation 
using basic substitution 9. Then, a computed answer a for P U {G} is the basic substitution 
obtained by restricting 9 to the free variables of G. 

Example 7.22 Consider the program of Example \3.6l An SLD-refutation of the goal ^ 
closure Q a b is given below (where we have omitted certain simple steps involving lambda 
abstractions): 

closure Q a b 9i = e 

(AR.AX.AY. (R X Y)) Q a b 6^2 = e 

Q a b 6*3 = {Q/ (AX . AY . (XRiXo) A (Y^Yo) ) } 

( AX . AY . (Xr^Xo) A (Y?aYo) ) a b 6*4 = e 

(a^Xo) A (bwYo) 6*5 = {Xo/a} 

□A(b«Yo) 9g = € 

(b^Yo) 07 = {Yo/b} 

□ 

// we restrict the composition 9i - ■ ■ 9i to the free variables of the goal, we get the computed 
answer ai = {Q/AX.AY. (Xa^a) A(YRib)}. Intuitively, ai assigns to Q the relation {(a,b)} (for 
which the query is obviously true). Notice that by substituting Q with different basic templates, 
one can get answers that are "similar" to the above one, such as for example {(a, b), (Zl, Z2)} 
or {(a, b), (Z1,Z2), (Z3,Z4)}, and so on. Answers of this type are in some sense "represented" 
by the answer {(a, b)}. Actually, one can easily optimize the proof procedure so as to avoid 
enumerating such superfluous answers (see the discussion in Section\Q(j. 

However, there exist other answers to our original query that are genuinely different from 
{(a, b)} and can be obtained by making different clause choices. For example, another an- 
swer to our query is a-i = {Q/(AX. AY. (X?aa) A(Y?aZ)) (AX. AY. (XRiZ)A(YRib))}, which 
corresponds to the relations of the form {(a, Z), (Z,b)}, for every Z in the Herbrand universe. 
Similarly, one can get the answer {(a, Zl), (Zl, Z2), (Z2, b)}, and so on. 
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In other words, we observe that by performing different choices in the selection of a basic 
template for Q and making an appropriate use of the two rules of the program for closure, we 
get an infinite (but countable) number of computed answers to our original query. I 

7.4 Soundness of SLD-resolution 

In this subsection we establish the soundness of the SLD-resolution proof procedure. The 
following lemmas are very useful in the proof of the soundness theorem: 

Lemma 7.23 Let P be a program, let I be an interpretation of P and let s be a state over the 
domain of I. Let Ei and E2 be positive expressions of type p ^ n and E expression of type p. 
//[EiL(/) Cp^. IE2L(/), then [(Ei E)L(/) [(Es E)l,(/). 

Proof. Straightforward using the definition of application. I 

Lemma 7.24 Let P be a program, let G =^ A and G' =^ A' be goals and let 6 be a basic 

substitution such that A — > A'. Then, for every model M of P and for every state s over the 
domain of M , it holds that lke\^{M) □ |A'1^(M). 

Proof. First, observe that in all cases A is of the form E Ei • • • E^, A; > 0, where E is an 
expression of predicate type. We perform a structural induction on E. 

Induction Basis: We distinguish two cases, namely E = p and E = Q. For the first case it 
suffices to show that |(p Ei • • • Ek)B'\^{M) □ |(Ep Ei • • • Efc)6']^(M), where 6* = e and p Ep is 
a clause in P. This follows easily by the fact that M is a model of P and using Lemma 17.231 
The second case is trivial. 

Induction Step: We examine the two most interesting cases (the rest are straightforward): 

Case 1: E = (AV.E'). In this case 9 is the empty substitution, and therefore it suffices to 
show that [(AV.E') Ei • • • Efcl,(M) □ IE'{V/Ei} E2 ■ ■ ■ Efc|,(M). By LemmaEH we have that 
KAV.E') Ei^M) = |E'{V/Ei}],(M), and the result follows by LemmaElSl 

Case 2: E = (E' A E"). Moreover, assume that E' E'^. Then, (E' A E") derives in one step 
the expression (E^ A (E"0)). It suffices to show that |(E' A E")^L(M) □ |E; A (E"0)]^(M), 
or equivalents that |(E'0) A (E"0)]^(M) □ |E; A (E"0)]^(M). But this holds since by the 
induction hypothesis we have that [E'6l]^(M) □ [E'Jg(M). I 

Lemma 7.25 Let P be a program and G =^ k be a goal. Let Gq = G, Gi =^ Ai, . . . , G„ =■(— 
A„ be an SLD-refutation of length n using basic substitutions 9i, . . . ,9n- Then, for every model 
MofP and for every state s over the domain of M, [A6'i • • • 6'„]^(Af) □ [A„]g(M). 

Proof. Using Lemma 17.241 Lemma 17.121 and induction on n. I 

Theorem 7.26 (Soundness) Let P be a program and G =^ A a goal. Then, every computed 
answer for P U {G} is a correct answer for P U {G}. 

Proof. The result is a direct consequence of Lemma 17.251 for G„ = I 
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7.5 Completeness of SLD-resolution 



In order to establish the completeness of the proposed SLD-resolution, we need to first demon- 
strate a result that is analogous to the lifting lemma of the first-order case (see |Llo87| ). We 
first state (and prove in the appendix) a more technical lemma, which has as a special case 
the desired lifting lemma. 

In the rest of this subsection, whenever we refer to a "substitution" we mean a "basic 
substitution" . 

Lemma 7.27 Let P be a program, G a goal and 9 a substitution. Suppose that there exists 
an SLD-refutation of P U {GO} using substitution a. Then, there exists an SLD-refutation 
o/ P U {G} using a substitution 5, where for some substitution 7 it holds that 5'y ^ 9a and 
dom{5^ — 9a) is a (possibly empty) set of template variables that are introduced during the 
refutation 0/ P U {G}. 

The proof of the above lemma is by a straightforward (but tedious) induction on the length 
of the SLD-refutation of P U {G9}, and is given in Appendix [El 

Lemma 7.28 (Lifting Lemma) Let P be a program, G a goal and a substitution. Suppose 
that there exists an SLD-refutation of P U {Q9} using substitution a. Then, there exists an 
SLD-refutation 0/ P U {G} using a substitution 6, where for some substitution 7 it holds that 
G6^ = G9a. 

Proof. By Lemma 17.271 6'y and 9a differ only in template variables that are introduced 
during the refutation. By the restriction mentioned in Definition 17.191 these variables are 
different from the variables in the goal G. Therefore, 6j and 9a agree on the expressions they 
assign to the free variables of G. I 

Notice that the above lifting lemma differs slightly from the corresponding lemma for 
classical logic programming, where we actually have the equality 6'y = 9a. This difference is 
due to the existence of template variables in the higher-order resolution proof procedure. Of 
course, if we restrict the higher-order proof procedure to apply to first-order logic programs, 
then it behaves like classical SLD-resolution and the usual lifting lemma holds. 

Example 7.29 Consider any program P of our higher-order language and consider the goal 
clause G =^ R(Z), where Z is of type l and R of type i ^ 0. Let 9 = {R/AX. (X k. a),Z/a}. 
Then, G9 =-<r- (AX. (X ~ a)) (a). We have the following SLD-refutation: 

(AX . (X a) ) (a) A (a pa a) A □ 

Therefore, G9 has an SLD-refutation with substitution a = e. On the other hand, we have the 
following SLD-refutation of G: 

, ^ {R/AX.(X f« Xo)} , ^ e , ^ {Xq/Z} 

R(Z) ^ ' -> " ^ (AX. (X ^ Xo)) (Z) A (Z Xo) A ^ □ 

Therefore, G has an SLD-refutation with substitution 6 which is equal to the composition 
of the substitutions {R/AX.(X ^ Xq)}, e and {Xq/Z}, ie., 5 = {R/AX.(X ^ Z),Xo/Z}. Let 
7 = {Z/a}. Then, 5-f = {R/AX. (X sa a),Xo/a,Z/a} while 9 = {R/AX. (X » a),Z/a}. We see 
that 57 D 9a and dom{6^ — 9a) = {Xq} (which is a template variable). Moreover, it holds 
G9a = G6j. I 

Before we derive the first completeness result, we need certain definitions and lemmas. 
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Definition 7.30 Let P be a program and let E be a positive expression or a goal clause. We 
define Se to be the set of all expressions that can be obtained from E by substituting zero or 
more occurrences of every predicate constant p in E with the expression Ei \/^ • • • \/^ E/., where 

p Ei are all the clause^ for p in P. Moreover, E G S'e is the expression obtained from E 
by substituting every predicate symbol occurrence with the corresponding expression. 

Lemma 7.31 Let P be a program, E a positive expression or a goal clause, L a Herbrand 
interpretation of P and s a Herbrand state. Then, |E]^(rp(/)) = |E]^(/). 

Proof. The proof is by structural induction on E. Assume that E is a positive expression (the 
proof for the case of goal clause is similar) . For the induction basis we need to consider the cases 
where E is an argument variable V, an individual constant c, a propositional constant (0, 1), or 
a predicate constant p. Except for the last one, all other cases are straightforward because the 
meaning of E is independent of Tp{L) and /. For the last case assume that Ei, . . . , E^ are all the 
bodies of the rules defining p in P. By definition of the Tp operator, it holds that [p]^(Tp(I)) = 

U(p^.E,)epIE.LW- Moreover, [EL(I) = [Ei V. • • • V. EfcL(/) = U(p^.E,)eP I^J. This 
completes the basis case. For the induction step, all cases are immediate. I 

9 S 

Lemma 7.32 Let P a program, G,G' goals and G' G S'g- If G' —?■ H' then G ^ H, where 
H' G 5h- 

Proof. The proof is by induction on the number m of top-level subexpressions of the goal 
G that are connected with the logical constant A. The basis case is for m = 1, ie., it applies 
to goal clauses G that do not contain a top-level A. Assume that G A. The cases we 
need to examine for A for the induction basis are the following: (p Ai • • • A„), (Q Ai, . . . A„), 
((AV.A') Ai • • • A„), ((A' V. A") Ai • • • A„), ((A' A. A") Ai • • • A„), (Ai « A2), and (3V A). The 
only non-trivial case is A = (p Ai • • • A„), which we demonstrate. Assume that p is defined 
in P with a set of k rules with right-hand sides Ei, . . . , E^. Let Ep = Ei \/^ ■ ■ ■ \/^ E^. Since 
G =^ (p Ai • • • A„), we have that G' =^ (A' A'^ • • • A^), with A' G S'p, A'^ G , • • • , A^, G S^^ . 
We distinguish three cases for A': 

• A' = p. Then G' A H', where H' =^ {Ej A[--- A'J for some j. We also have that G A H, 
where H (Ej Ai • • • A„). Obviously, it holds that H' G Sh- 

• A' = Ep and Ep contains more than one disjunct. Then G' A H', where H' =■(— 
{Ej A[ - ■ ■ A^). We also have that G A H, where H =<r- {Ej Ai • • • A„). Again, it holds 
that H' G S'h- 

• A' = Ep and Ep contains exactly one disjunct. Then this disjunct must be a lambda 
abstraction of the form (AV.A"). This implies that G' =^ ((AV.A") A'^ • • • A^) and G' A 
H', where H' =^ (A"{V/A;} A^ • • • A^). On the other hand, G A Hi, where Hi =^ 

((AV.A") Ai • • • A„), and Hi A H, where H =^ (A"{V/Ai} A2 • • • A„). Therefore, G A H 
where H' G S\-\. 

The above completes the proof for the basis case. For the induction step, the goal must be 
of the form G =^ (Ai A A2). Then, G' =^ (A'^ A A'2) where A'^ G Sa^ and A'2 G Sa^- Since 

6 6 

G' H', we conclude without loss of generality that A'^^ H[ and H' =^ (H'^ A Ag^). By the 

^We may assume without loss of generality that each predicate symbol p that is used in P, has a definition 
in P: if no such definition exists, we can add to the program the clause p ,r E, where E is a basic expression 
corresponding to the basic element 
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induction hypothesis, since A'^ — )• H'^, we get that Ai Hi, where H'^ € S\-\^. But then this 



easily imphes that (Ai A A2) ^ (Hi A A26), ie., G ^ H, where H' € Sh- This completes the 
proof for the induction step and the lemma. I 

Lemma 7.33 Let P be a program, G,G' goals and G' € S'g- // there exists an SLD-refutation 
for P U {G'} using substitution 0, then there also exists an SLD-refutation for P U {G} using 
the same substitution 9. 

Proof. The proof is by induction on the length n of the refutation of P U {G'}. The induction 
basis is for n = 1 and includes the following cases for G: (□ A □), (□ V Ei), (Ei V □), (Ei E2), 
((AV.n) E) and (3V □). It can be easily verified that the lemma holds for all these cases. 

Suppose now that the result holds for n — 1. We demonstrate that it also holds for n. 
Let G' = Gg, G'l, . . . , G^ be the derived goals of the SLD-refutation of G' using the sequence 

of substitutions 6*1, .. . ,6'n- Since G' G'l, by Lemma [7.321 there exists a goal Gi such that 

G -» Gi and G'l G 5'^- By the induction hypothesis, P U {Gi} has an SLD-refutation using 
6*2 ••• 6*71- It follows that P U {G} also has an SLD-refutation using 9 = Oi ■ ■ ■ On- 1 

Corollary 7.34 Let P be a program and G a goal. If there exists an SLD-refutation for 
P U {G} using substitution 0, then there also exists an SLD-refutation for P U {G} using the 
same substitution 9. I 

Lemma 7.35 Let P be a program and G =•<— IK be a goal such that |A]^(_Lxp) = 1 for all 
Herbrand states s. Then, there exists an SLD-refutation for P U {G} with computed answer 
equal to the identity substitution. 

The proof of the lemma can be found in Appendix iFl 

As in the first-order case, we have various forms of completeness. We can now prove the 
analogue of a theorem due to Apt and van Emden (see |Apt90| [Lemma 3.17] or [Llo87j [Theorem 
8.3]). 

Theorem 7.36 Let P be a program, G =-<r- A a goal and assume that |A]g(Mp) = 1 for all 
Herbrand states s. Then, there exists an SLD-refutation for P U {G} with computed answer 
equal to the identity substitution. 

Proof. We prove by induction on n that if |A]^(Tp n) = 1 for all Herbrand states s, then 
P U {G} has an SLD-refutation with computed answer equal to the identity substitution. For 
n = the proof is a direct consequence of Lemma I7.35[ 

Now suppose that the result holds for n — 1. For the induction step assume that [A]^(rpt 
n) = 1 for all s. By Lemma 17.311 [A]g(Tp'|"(n — 1)) = 1. By the induction hypothesis there 
exists an SLD-refutation for P U {G} with computed answer equal to the identity substitution. 
Let 9 be the composition of the substitutions that are used during the SLD-refutation of 
P U {G}. By Corollary [7311 P U {G} also has an SLD-refutation using the same substitution 9. 
The restriction of 9 to the free variables of G is equal to the restriction of 9 to the free variables 
of G which is equal to the empty substitution. Therefore, P U {G} has an SLD-refutation with 
computed answer equal to the identity substitution. I 

The following theorem generalizes a result of Hill [H74j (see also |Apt90| [Theorem 3.15]): 



29 



Theorem 7.37 Let P be a program and G =^ A a goal. Suppose that Pu{G} is unsatisfiable. 
Then, there exists an SLD-refutation of P U {G}. 

Proof. Since P U {G} is unsatisfiable and since Mp is a model of P, we conclude that 
|G]^(Mp) = 0, for some state s. Therefore, [A]g(Mp) = 1. By Lemma [7.151 we can con- 
struct a substitution 9 such that [A0]g/(Mp) = 1 for all states s'. By Theorem 17.361 there 
exists an SLD-refutation for P U {G9}. By Lemma 17.281 there exists an SLD-refutation for 
PU{G}. I 

Finally, the following theorem is a generalization of Clark's theorem |Cla79j (see also the 
more accessible |Apt90| [Th eorem 3.18]) for the higher-order case: 

Theorem 7.38 (Completeness) Let P be a program and G =■(— A a goal. For every correct 
answer for P U {G}, there exists an SLD-refutation for P U {G} with computed answer 5 and 
a substitution 7 such that G9 = GS^y. 

Proof. Since is a correct answer for P U A}, it fohows that |A6']^(Mp) = 1 for all 
Herbrand states s. By Theorem 17.361 P U {G9} has an SLD-refutation with computed answer 
equal to the identity substitution. This means that if a is the composition of the substitutions 
used in the refutation of P U {G9}, then G9a = G9. By Lemma 17.281 there exists an SLD- 
refutation for P U {G} using substitution 5' such that for some substitution 7, G5'j = G9a. 
Let 5 be 5' restricted to the variables in G. Then, it also holds that G5'7 = G57, and therefore 
G(57 = G9a = G9. I 



8 Related Work 

As already discussed in Section [H research in higher-order logic programming can be catego- 
rized in two main streams: the extensional approaches and the intensional ones. 

Work on extensional higher-order logic programming is rather limited. Apart from the re- 
sults of |Wad91pl . the only other work that has come to our attention is that of M. Bezem |Bez991 
IBezOlj . who considers higher-order logic programming languages with syntax similar to that 
of |Wad91] . In |Bez01| a notion of extensionality is defined (called the extensional collapse) 
and it is demonstrated that many logic programs are extensional under this notion; however, 
this notion appears to differ from classical extensionality and has a more proof-theoretical 
flavor. 

On the other hand, work on intensional higher-order logic programming is much more 
extended. The two main existing approaches in this area are represented by the languages 
AProlog and HiLog. Both systems have mature implementations and have been tested in 
various application domains. It should be noted that both AProlog and HiLog encourage a 
form of higher-order programming that extends in various ways the higher-order programming 
capabilities that are supported by functional programming languages. For a more detailed 
discussion on this issue, see [NM98j [section 7.4]. 

In the rest of this section, we give a very brief presentation of certain characteristics of these 
two systems that are related to their intensional behavior (ie., characteristics that will help 
the reader further clarify the differences between the intensional and extensional approaches). 
A detailed discussion on the syntax, semantics, implementation and applications of the two 
languages, is outside the scope of this paper (and the interested reader can consult the relevant 
bibliography) . 

^The work in [Wad91| has also been used in order to define a higher-order extension of Datalog [KRW05] . 
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AProlog: The language was initially designed in the late 1980s |MN861 [Nad871 INM90] in order 
to provide a proof theoretic basis for logic programming. The syntax of AProlog is based on 
the intuitionistic theory of higher-order hereditary Harrop formulas. The resulting language is 
a powerful one, that allows the programmer to quantify over function and predicate variables, 
to use A-abstractions in terms, and so on. The semantics of AProlog is not extensional (see for 
example the discussion in |NM98] ). The following simple example illustrates this idea. 

Example 8.1 Consider the XProlog program (we omit type declarations): 

r p. 

p X :- q X. 
q X :- p X. 

The goal ?-r q. fails for the above program. I 

In the following we briefly discuss the behavior of AProlog with respect to queries that contain 
uninstantiated higher-order variables (because, from a user point of view, this is a key concept 
that can differentiate an intensional system from an extensional one). Consider for example 
the query: 

?-(R John mary) . 

The above goal is not a meaningful one for AProlog because there exist too many suitable 
answer substitutions (ie., predicate terms) for R that one could think of (see the relevant 
discussion in [NM98j [page 50]). One way to get answers to such queries is to use an extra 
predicate, say rel, which specifies a collection of predicate terms that are relevant to consider 
as substitutions. In this case, the above query will be written as: 

?-(rel R) , (R John mary) . 

and the implementation will return those terms for which the query succeeds. In other words, 
an answer for the above query is a predicate term (such as for example married, father, 
a lambda expression, and so on). As remarked in |CKW93] . "equality in (a fragment of) 
AProlog corresponds to A-equivalence and is not extensional: there may exist predicates that 
are not A-equivalent but still extensionally equal" . This is a key difference from the extensional 
approach presented in this paper, in which an answer to a query is a set. 

HiLog: The language possesses a higher-order syntax and a first-order semantics |CKW89l 
ICKW93] . It extends classical logic programming quite naturally, and allows the programmer 
to write in a concise way programs that would be rather awkward to code in Prolog. It 
has been used in various application domains (eg. deductive and object-oriented databases, 
modular logic programming, and so on). 

As it is the case with AProlog, HiLog is also an intensional higher-order language. The 
examples with uninstantiated higher-order variables mentioned for AProlog have a somewhat 
similar behavior in HiLog. However, consider the program: 

married (John, mary) . 

Then, the query: 

?-R( John, mary) . 

is a meaningful one for HiLog, and the interpreter will respond with R = married. Intuitively, 
the interpreter searches the program for possible candidate relations and tests them one by 
one. Of course, if there is no binary relation defined in the program, the above query will fail. 

The above program behavior can be best explained by the following comment from |CKW93] : 
"in HiLog predicates and other higher-order syntactic objects are not equal unless they (ie., 
their names) are equated explicitly". 
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9 Implementation and Future Work 



A prototype implementation of the proposed proof procedure has been performed in Haskelf2|. 
A detailed description of the implementation is outside the scope of this paper. However, in 
the following we outline certain points that we feel are important. 

The main difference in comparison to a first-order implementation, is that the proof proce- 
dure has to generate an infinite (yet enumerable) number of basic templates. In order to make 
more efficient the production of the basic templates, one main optimization has been adopted. 
As we have already mentioned in Definition 17.31 a basic template is a non-empty finite union 
of basic expressions of a particularly simple form. In the implementation, the members of this 
union are generated in a "demand-driven way" , as the following examples illustrate. 

Example 9.1 Consider the query (R a b) , (R c d) . The proposed proof procedure would 
try some basic templates until it finds one that satisfies the query. However, if it first tries 
the basic template (AX. AY. (XwZ) A(Y?sW)) then this will obviously not lead to an answer 
(since a relation that satisfies the above query must contain at least two pairs of elements). 
In order to avoid such cases, our implementation initially produces a basic expression that 
consists of the union of a basic template with an uninstantiated variable (say L) of the same 
type as the template; intuitively, L represents a (yet undetermined) set of basic templates 
that may be needed later during resolution and which need not yet be explicitly generated. 
In our example, the implementation starts with the production of an expression of the form 
(Ax. AY. (X~Z)A(Y~W)) y L. When the second application in the goal is reached, then a sec- 
ond basic template will be generated together with a new uninstantiated variable (say Ll). 
The final answer to the query will be an expression of the form: (AX.AY. (X~a)A(Y~b)) \/ 
(Ax. Ay. (X~c) A(Y~d)) y Ll. The intuitive meaning of the above answer is that the query 
is satisfied by all relations that contain at least the pairs (a,b) and (c,d). 

Notice that an important practical advantage of the above optimization is that a unique 
answer to the given query is generated. Notice also that if the formal proof procedure of 
the previous sections was followed faithfully in the implementation, then an infinite number of 
answers would be generated: an answer representing the two-element relation {(a, b), (c, d)}, an 
answer representing all three-element relations {(a, b), (c,d), (XI, X2)}, an answer representing 
the four-element relations {(a, b), (c, d), (XI, X2), (X3, X4)}, and so on. I 

Example 9.2 Consider the ordered predicate of Example \3.7\ and let ^ ordered R [1,2,3] 
be a query. Following the same ideas as in the previous example, the implementation will 
produce the unique answer (AX. AY. (XRil) A(Y«2)) V (AX. AY. (XRi2)A(YRi3)) V L- Intu- 
itively, this answer states that the list [1,2,3] is ordered under any relation of the form 
{(1,2),(2,3)}UL. 

Finally, consider Example \3.6\ defining the closure predicate. Consider also the query 
^ closure Q a b. Then, the implementation will enumerate the following (infinite set of) 
answers: 

Q = (AX.AY. (XRia)A(YRib)) V L 

Q = (AX.AY. (X«a)A(Y«Z))V(AX.AY. (X«Z)A(YRib)) V L 

which intuitively correspond to relations of the following forms: 

Q = {(a,b)}UL 

Q = {(a,Z),(Z,b)}UL 

^The code can be retrieved from |http : // code . haskell . org/hopes | 
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Intuitively, the above answers state that the pair (a, b) belongs to the transitive closure of all 
relations that contain at least the pair (a, b); moreover, it also belongs to the transitive closure 
of all relations that contain at least two pairs of the form (a, Z) and (Z,b) for any Z, and so 
on. I 



We are currently considering issues regarding an extended WAM-based implementation of 
the ideas presented in the paper. We believe that ideas originating from graph-reduction [FH88] 
will also prove vital in the development of this extended implementation. 

Another interesting direction for future research is the extension of our higher-order frag- 
ment with negation-as-failure. The semantics of negation in a higher-order setting could 
probably be captured model-theoretically using the recent purely logical characterization of 
the well-founded semantics through an appropriate infinite- valued logic |RW05| . 



Acknowledgments: We would like to thank Costas Koutras for valuable discussions regard- 
ing algebraic lattices and the reading group on programming languages at the University of 
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A Proof of Lemma 14.171 

In order to establish Lemma 14.171 we first demonstrate the following auxiliary propositions: 

Proposition A.l Let A be a poset and L be an algebraic lattice. Then, for each step function 
(a \ c) and for every f : [A ^ L] it holds that (a \ c) C / i/ and only if c ^ f{a). 

Proof. If (a \ c) C /, by applying both functions to a we get c C /(o)- Now suppose that 
c !^ f{a) and consider an arbitrary x A. In case a Q x, we have (o \ c)(x) = c thus, 
since c Q f{a) and / is monotonic, (a \ c){x) C fix). Otherwise, (a \ c)(x) =-Ll thus 
(a \ c){x) □ f{x). It follows that (a \ c) □ /. I 

Proposition A. 2 Let L be a complete lattice and assume there exists B C /C(L) such that for 
every x G L, x = \_\B[x]- Then L is an algebraic lattice (uj-algebraic if B is countable) with 
basis /C(L) = {|JA/ | M is a finite subset of B}. 

Proof. It is immediate that L is algebraic, since by assumption every element of L can be 
written as the least upper bound of a set of compact elements of L. The nontrivial part is 
establishing the relation between IC{L) and B. 

Given x G L, we let A(x) be the set {|J M | M is a finite subset of -B[a;]}- Notice that 
^[x] = U{^^ I M is a finite subset of -B[x]}- Using Proposition I4.3r 2). we have that |J -B[x] = 
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|JA(a;) and thus U A(x) = x. We show that for each x G L it holds that /C(L)[2,] = A(x) by 
proving that each set is a subset of the other one. 

First consider an arbitrary c € /C(L)[^.] and recall that c = |jA(c). By the compactness 
of c, there exists a finite A C A(c) such that c C |J A. But then IJ ^ !^ c because c is 
an upper bound of A(c), and therefore c = |J^. By the definition of A(c) and the fact 
that j4 C A(c), we get that c = |J{|J Mi, . . . , |J Mr}, where Mi, . . . , Mr are finite subsets of 
By Proposition 14.3( 2). c = |J (Mi U • • • U Mr). In other words there exists a finite set 
M = Ml U • • • U Mr such that M C B[c] ^ B[^] and c = \jM, which means that c € A(a;). 

On the other hand, consider a finite set M = {ci, . . . , c„} C Sj^] such that |J M G A(x). 
Let ^ be a subset of L such that |J M C |Jvl. Due to the compactness of each Cj, by 
Ci Q \_\A we get Cj Q \_\Ai for some finite Ai C A. But then, for every i, ct ^ \_\Ai Q 
\J{\_] Ai,... ,\J An} = LK^i U • • • U An). In other words, |J M □ □(Ai U • • • U An), which 
implies that |J M is compact. Moreover, since x is an upper bound of M, we have that 
UM G /C(L)[,]. Hence, /C(L)[,] = A(x). 

To complete the proof, simply take x = |J L in the equality IC^L)^^] = A(x). If, additionally, 
B is countable, the cardinality of /C(L) is bounded by the number of finite subsets of a countable 
set, which is countable. Hence, L is an cj-algebraic lattice in this case. I 

We can now proceed to the proof of Lemma l4.17t 

Lemma 14.171 Let yl be a poset and L be an algebraic lattice. Then, [A ^ L] is an algebraic 
lattice whose basis is the set of all least upper bounds of finitely many step functions from 
^ to L. If, additionally, A is countable and L is an w- algebraic lattice then [A ^ L] is an 
w-algebraic lattice. 

Proof. Let B denote the set of all step functions from A to L. Recall that [A ^ L] forms 
a complete lattice by Proposition 14.101 Let (a \ c) G -B be an arbitrary step function. We 
show that (a \ c) is compact. Consider a set F of monotonic functions from ^ to L such that 
(a \ c) C y F. By Prop ositions I A . 1 1 and 14 . 1 0] we get that c Q U/eF f('^)- compactness 
of c, there exists a finite F' C F such that c C U/eF' /(^)- /' = U Then, c Q f'{a), or 
equivalently by Proposition lA.il (a \ c) C /' = |J F'. Hence, (a \ c) is compact. 

We now show that every monotonic function / G ^ L] is the least upper bound of . 
Since / is an upper bound of this set, we let g be an upper bound of Sjj] and prove that f Q g. 
In fact, we consider an arbitrary x G A and prove that /(x) !^ g{x). Suppose Sx is the set of 
all step functions he = {x \ c) for every compact element c G /C(L)jj(^.)]. By Proposition I A. H 
we have that for all step functions he G Sx, are he Q /; thus Sx is a subset of Since g is 
an upper bound of B^jj, it must also be an upper bound of Sx, therefore it holds that he Q g 
for each he G Sx- Applying this inequality for x we get that c Q g{x) for each c G K.[L)\^f(^x)]-, 
therefore lJ^(-^)[/(x)] E g{x). Since L is an algebraic lattice, /(x) is the least upper bound of 
/C(L)jj(^.)], thus /(x) C g{x). Hence, / is the least upper bound of 

On the whole, we have shown that S is a subset of K,{[A ^ L\) such that each monotonic 
function / from ^ to L is the least upper bound of -Bjj]. Notice that if, additionally, A is 
countable and L is an w-algebraic lattice, then B is countable because its cardinality is equal 
to that of the cartesian product of two countable sets. Now apply Proposition IA.2[ I 

B Proof of Lemma 15.101 

Lemma 15.101 Let E : p be an expression of % and let D be a nonempty set. Moreover, let 
s, si, S2 be states over D and let / be an interpretation over D. Then: 
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1. [EL(/) G M^. 

2. If E is positive and si Qsn,D ^2 then [El,^(/) Cp [El^^(/). 

Proof. The two statements are estabhshed simultaneously by a structural induction on E. 

Induction Basis: The cases for E being 0, 1, c, p or V, are all straightforward. 

Induction Step: The interesting cases are E = (E1E2) and E = (AV.Ei). The other cases are 
easier and omitted. 

Case 1: E = (E1E2). We examine the two statements of the lemma: 

Statement 1: Assume that Ei : pi ^ 7r2 and E2 : pi- Then, it suffices to demonstrate 
that |(EiE2)i(/) G I^21d> or equivalently that U6gB(IEiL(/)(6)) G [^2!^. where B = 
7'_D(iype(E2))j|^_^j ^^^^ = {fe G TD{type{^2)) \ b C |E2l^(/)}. By the induction hypothesis, 

[EiL(/) G Ipi ^^TT^jry and [E2L(/) G {pijj,. But then, for every b G B, [Ei],(/)(6) G {^2}^ 
and since l'n'2}D ^ complete lattice, we get that UbGB(lEils(-^)(ft)) € [vr2]j5. 

Statement 2: It suffices to demonstrate that |(EiE2)]^^(/) !^ |(EiE2)]52(-^)' equivalently 
that U,gB,(IEiL,(/)(62)) Q Ub',eB',il^ilsMM)), where B2 = TD{type{E2))^^^^j^^^j^^ and 
i?2 = •^D(*ype(E2))j|^_^j ^js^y Notice that by definition, B2 = {b G T£){type{E2)) \ b Q 

|E2]^^(/)} and B2 = {b € Jz)(type(E2)) | b Q lE2]s2(-^)}- By the induction hypothesis we have 
|E2]^^(/) E IE2ls2(-^)' ^^^^ therefore B2 C B2. By the induction hypothesis we also have that 
|Ei]^^(I) C |Ei]g (/). By the induction hypothesis for the first statement of the lemma, both 
|Ei]^^(J) and |Ei]g^(I) are monotonic functions since they belong to {pi vr2]£). Therefore, 
UfeeB.([EiL,(/)(&2)) E Ub'^eB^miJs^lM)), or equivalently I(EiE2)L^(/) E [(EiE2)L2(/). 

Case 2: E = (AV.Ei). We examine the two statements of the lemma: 

Statement 1: Assume that V : pi and Ei : vri. We show that |(AV.Ei)]g(/) G \pi — )• ttiJ^,. 
We distinguish two cases, namely pi = l and /Oi = vr. li pi = l then the result follows easily 
using the induction hypothesis for the first statement of the lemma. If /?i = tt, then we must 
demonstrate that [(AV.Ei)], (/) G [vr ^ vri]^ = [/C(|7r]^) ^ Ivnl £,]. In other words, we need 
to show that the function A(i.|Ei]gj^yyj (/) is monotonic. But this follows directly from the 
induction hypothesis for the second statement of the lemma. 

Statement 2: It suffices to show that [(AV.Ei)], (/) E II('^V.Ei)],_^(/). By the semantics of 
lambda abstraction, it suffices to show that A(i.|fEi],^[^yy] (/) E '^'^•[Ei]s2[d/v] (-^)' or that for 
every d, [Ei],^[^/v](-^) E l^i\s2[d/y]i^)^ which holds by the induction hypothesis. I 

C Proof of Lemma 16.5 

Lemma 16.51 Let P be a program and let E : p be a positive expression of P. Let /, J be 

Herbrand interpretations and s a Herbrand state of P . If / Exp J then |E],(/) Ep [E]j,(J). 

Proof. The proof is by a structural induction on E. 

Induction Basis: The cases for E being 0, 1, c, p or V, are all straightforward. 

Induction Step: The interesting cases are E = (E1E2) and E = (AV.Ei). The other cases are 
easier and omitted. 
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Case 1: E = (E1E2). It suffices to demonstrate tliat |(EiE2)]^(I) !^ |(EiE2)]^(J), or equiv- 
alently that Ub,gB,(IEiL(/)(62)) E Ub^gB^(lEiL(J)(&'2)), where = J-D(type(E2))[|,^j^(,)j 
and i?2 = •^D(iype(E2))j|^_^j ^^^j. Notice that by definition, B2 = {h ^ TD{type{E2)) \ b C 

|E2]^(/)} and B2 = {b £ J^Ditype{E2)) \ b C [E2]<j(«/)}- By the induction hypothesis we have 
|E2]^(/) E [E2]s(</), and therefore B2 C B2. By the induction hypothesis we also have that 
[Eil,(I) □ lEil,(J). Therefore, Ub,eB,mUl)(b2)) E Ub'.eB'.miUJM)) , or equivalently 
I(EiE2)L(/) □ I(EiE2)L(J). 

Case 2: E = (AV.Ei). It suffices to show that |(AV.Ei)]^(I) □ |(AV.Ei)l^( J). By the semantics 
of lambda abstraction, it suffices to show that A(i.[Ei]^[^/v] (^) != -^'^•lEils[d/v] °^ ^^^^ for 
every d, [Ei]^j^^y](I) C [EiJ^j^yy] ( J), which holds by the induction hypothesis. I 

D Proof of Lemma 16.61 

Lemma 16.61 Let P be a program and let E be any positive expression of P. Let X be a 
directed set of Herbrand interpretations and s be a Herbrand state of P. Then, |E]j,(|jX) = 

U/eiIEL(/). 

Proof. The proof can be performed in two steps: we first show that [E]^(|J X) □ U/gx I^Ll-^) 
and then that IE],(|JI) C |J,gj [E]^(/). 

For the first of these two statements observe that by Lemma [6.51 we have that |E]^(|JT) □ 
IE]^(/), for ah / G X. But then [E]^(UZ) is an upper bound of the set {IE]^(/) | / G X}, and 
therefore [E]^(|JX) □ U^gi[E]^(/). It remains to show that IE]^(|JX) C U/gxIEL(^)- The 
proof is by a structural induction on E. 

Induction Basis: The cases for E being 0, 1, c, p or V, are all straightforward. 

Induction Hypothesis: Assume that for given expressions Ei,E2 it holds that [EjJ^dJX) = 
U/ex IE«L(-^)' ^ ^ {1)2}. Notice that we assume equality. This is due to the fact that the one 
direction has already been established for all expressions while the other direction is assumed. 

Induction Step: We distinguish the following cases: 

Case 1: E = f Ei • • • E„. This case is straightforward since for every interpretation / and for 
every state s, the value of |f Ei • • • E„]^(/) only depends on s (since the expressions Ei, . . . , E„ 
are of type t and do not contain predicate symbols). 
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Case 2: E = (E1E2). Assume that E2 : p- Then: 
[(EiE2)L(UX) = 

= UbeBmUUm)), where B = {b e Td{p) \ b □ IE2L(UX)} 
(Semantics of apphcation) 

= UbeBiiUiei [EiL(/))(6)), where B = {b e Fd{p) \ b □ lE2i(UX)} 
(Induction hypothesis) 

= U6eB(U/6X lEii(/)(&)), where B = {b ^ Fd{p) \ b C l^2UU^)} 
(Proposition I4.10p 

= UmUm) \l€l,be Tnip), b □ IE2L(UX)} 
(Proposition 1131^2)) 

= U{lEiL(/)(&) I / e X, 6 G Tn{p), b □ Uiex 1^21(1)} 
(Induction hypothesis) 

= U{IEiL(/)(&) be Td{p), b □ UjeF IE2L(J), F finite subset of 1} 

(Since b is either a compact element or a member of D) 

E U{lEiL(/)(6) I / G X, 6 G Td{p), b □ IE2L(J)}, for some J G X 
(Because X is directed and |E2]g is monotonic by Lemma l6.5p 

E U{lEiL(/)(6) I / G X, J G X, 6 G 7-d(p), 6 E IE2L(J)} 
(Proposition 1131^1)) 

E UiexjexUmUm I b G Td{p), b □ [E2L(J)} 
(Proposition 1131^2)) 

E U/exU{lEiL(/)(fo) I & e ^d(p), 6 E [E2L(/)} 
(Proposition I4.7p 

= U/ex[(EiE2)L(/) 

(Semantics of apphcation) 



Case 3: E = (AV.Ei). We show that [(AV.Ei)],(U X) □ U/gx I(^V.Ei)l,(/). Consider b G 
Fnitypeiy)). By the semantics of lambda abstraction we get that |(AV.Ei)]^(|JX)(6) = 
IEiL[fe/v](U-^)! by the induction hypothesis this is equal to LJ/ex [Eils[b/v] (-^)' which by Propo- 
sition illO] is equal to |(AV.Ei)]^(/))(6). 

Case 4: E = (Ei V, E2). We show that [(Ei V, E2)L(UX) □ U/ex I(Ei V. E2)L(/), ie., that 
for ah 61, ... , bn, if I(Ei E2)L(UX) 61 • • • 6. = 1 then (U,,^ [(Ei E2)L(/)) 61 • • • 6n = 1. 
By the semantics of \/^ we get that if |(Ei E2)1,(UX) 61 • • • 6„ = 1 then lEi]^(UX) 61 • • • 6„ = 
1 or |E2]5(|J^)^i ■ • • &n = 1- By the induction hypothesis and Proposition 14.101 we get that 
either U/exdEiLC-f) 61 • • • 6„) = 1 or U/ex(lE2L(/) bi ■ ■ ■ bn) = 1. Then there must exist / G X 
such that either |Ei]^(/) 61 • • • 6^ = 1 or |E2|j,(-^) 61 • • • 6n = 1- By the semantics of Vtt we get 
that I(Ei E2)L(/) 61 • • • 6„ = 1 and therefore (\Jiex I(Ei V. E2)L(/)) 61 • • • 6„ = 1. 

Case 5: E = (E1A.E2). We show that [(Ei A. E2)L(UX) Q U/ex I(Ei A. E2)i(/). In 
other words, it suffices to show that for all 61,..., 6„, if {{^i /\j^^2)}s(L\^) bi • • • bn = 1 
then (UgxI(EiA.E2)L(/))6i---6„ = 1. But if [(Ei A. E2)L(UX) 61 • • • 6„ = 1, then by 



38 



the semantics of /\^ we get that [Ei]^(|jX) 61 • • • 6„ = 1 and [E2]g(|jX) 61 • • • 6„ = 1. By 
the induction hypothesis and Proposition 14.101 this imphes that U/gx(I^iL(-^) ^1 ' ' ' ^n) = 1 
and |J/ej(lE2L(-^) ^1 • • • = 1- This means that there must exist /i,/2 G I such that 
|Ei]^(/i) 5i • • • 6„ = 1 and [E2l3(/2) 61 • • • 6n = 1- Since I is directed, we get that / = U{-^i' -^2} 
exists in I and it holds that |Ei]^(/) 61 • • • 6^ = 1 and |E2]5(/) fei • • • 6n = 1- By the semantics 
of A., [(El A. E2)L(/) 61 • • • 6n = 1 and therefore (Ujex I(Ei A. E2)L(/)) fei • • • 6n = 1- 

Case 6: E = (Ei « E2). It suffices to show that [(Ei « E2)1,(1J2:) E U/ei K^i ~ E2)l,(/). 
This is straightforward since the value of [(Ei k, E2)] only depends on s (since the expressions 
El, E2 do not contain predicate symbols). 

Case 7: E = (3VEi). We show that [(3Ei)],(UX) □ U/ex [(3V Ei)l,(/) or equivalently that 
if [(3VEi)l,(|JX) = 1 then U/gi [(3V Ei)],(/) = 1. Notice now that if I(3VEi)i(UX) = 1 
then there exists h such that [EiJ^j^/vjdJX) = 1, which by the induction hypothesis gives 

U/ex IEils[b/v] (-^) ~ ^- -^^^ ^^^^ statement implies that U/ex [(3^Ei)]g(/) = 1. I 

E Proof of Lemma 17.271 

Lemma 17.271 Let P be a program, G a goal and 6 a substitution. Suppose that there exists 
an SLD-refutation of P U {G^} using substitution a. Then, there exists an SLD-refutation 
of P U {G} using a substitution 5, where for some substitution 7 it holds that ^7 3 6a and 
dom{5^ — 9a) is a (possibly empty) set of template variables that are introduced during the 
refutation of P U {G}. 

Proof. The proof is by induction on the length n of the SLD-refutation of P U {G^}. 

Induction Basis: The basis case is for n = 1. We need to distinguish cases based on the 
structure of G. The most interesting case is G = (Ei ~ E2) (the rest are simpler and omitted). 
By assumption, it holds that {Ei9 ~ E2O) A □, where a is an mgu of Ei9 and E2^. But then 

we also have that (Ei ~ E2) A □, where 6 is an mgu of Ei and E2. Since 9a is a unifier of 
El, E2, there exists substitution 7 such that 9a = 5j. 

Induction Step: We demonstrate the statement for SLD-refutations of length n + 1. We dis- 
tinguish cases based on the structure of G. 

Case 1: G =^ (p Ei • • • E^). Then, G9 =^ (p (E16I) • • • {E^ff)). By Definition EH] we get 
that p (Ei0) • • • (Efc0) E (Ei^) • • • (Efc0), where p E is a rule in P. By assumption, 
E (Ei^) • • • (Efc0) has an SLD-refutation of length n using a. Consider now the goal G. By Defi- 
nition msl we get that (p Ei • • • E^) A (E Ei • • • E^). Notice now that since E is a closed lambda 
expression, it holds that (E Ei • • • Ek)9 = (E (E16') • • • {^^9)). Moreover, since (E (E16I) • • • (Efc6')) 
has an SLD-refutation of length n using a, we get by the induction hypothesis that (E Ei • • • E^) 
has an SLD-refutation using substitution 5, where for some substitution 7 it holds that ^7 5 9a 
and dom{6j — 9a) is a set of template variables that are introduced during the refutation of 
(E El • • • Efc). But then, (p Ei • • • E^) has an SLD-refutation which satisfies the requirements of 
the lemma. 

Case 2: G =■(— (Q Ei • • • E^). Consider first the case where 9{Ql) = B, for some basic expression 
B. Then, Qs9 =•(— (B (Ei0) • • • (E^^)). Notice now that B can be either a higher-order predicate 
variable or a finite-union of lambda abstractions. We examine the case where B is a single 
lambda abstraction (the other two cases are similar). Since B is a lambda abstraction, assume 

that B = AV.C. By Definition EH] we get that B (Ei^) • • • (Efc0) 4 C{V/(Ei0)} (E20) • • • (Efc0). 
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By assumption, C{V/(Ei0)} (£2^) • • • (E^^) has an SLD-refutation of length n using a. Consider 

now the goal G. By Definition[7Il we get that (Q Ei • • • E^) ^^-^'^ Bt (Ei{Q/Bt}) • • • (Efc{Q/Bt}), 
where Bj = AV.Ct, and B = Bt7i, for some substitution 71 with dom (71) = FV{Bt). We 
assume without loss of generality that the set dom (71) is disjoint from FV{G) and from 
dom{e) U FV{range{9)). By Definition [TH] we get that Bt (Ei{Q/Bt}) • • • (Efc{Q/Bi}) A 
Q{V/Ei{Q/Bt}} (E2{Q/Ba) • • • {Ek{Q/Bt}). Notice now that: 

((Q{V/Ei{Q/Bt}}) (E2{Q/Ba) • • • (Efc{Q/Bt}))&7i = (C{V/Ei0}) (E20) • • • (EkO) 

Then, since (C{V/Ei0}) (E26') • • • (EkO) has an SLD-refutation of length n using u, we get 
by the induction hypothesis that (Q{V/Ei{Q/Bt}}) (EajQ/Bt}) • • • (Efc{Q/Bt}) has an SLD- 
refutation using substitution 6', where for some substitution 7 it holds 6''y ^ O'jia and 
dom{5'^ — Ojicr) is a set of template variables that are introduced during this SLD-refutation. 
Prom the above discussion we conclude that (Q Ei • • • Efc) has an SLD-refutation using sub- 
stitution 6 = {Q/Bt}6'. Moreover, it holds that 6-f = {Q/BJJ'7 ^ {Q/Bt}9-fia D 9a and 
dom{5'y — Oct) is a set of template variables that are introduced during the refutation of 
(QEi---Efc). 

Consider now the case where 0(Q) is undefined. Then, GO =■(— {Q (EiO) ■ ■ ■ {Ef^O)) . By 

Definition [718] we get that Q (EiO) ■ ■ ■ (E^O) ^^^'^ Bt (Ei0{Q/BJ) • • • (Efe0{Q/Bt}). We may 
assume without loss of generality that the set FV{Bt) is disjoint from FV{G) and from dom{0)VJ 
FV{range{0)). By assumption, Bt{EiO{Q/Bt}) ■ ■ ■ {EkO{Q/Bt}) has an SLD-refutation of 
length n using a', where a = {Q/Bfjo"'. Consider now the goal G. By Definition 17.181 we 

get that (Q El • • • E^) ^^^'^ Bt (Ei{Q/Bt}) • • • (Efc{Q/BJ). Notice now that: 

{Bt (Ei{Q/Bt}) • • • {Eu{Q/Bt}))0{Q/Bt] = Bt {EiO{Q/Bt}) ■ ■ ■ (E,,0{Q/BJ) 

Then, since Bt (Ei6'{Q/Bt}) • • • {EkO{Q/Bt}) has an SLD-refutation of length n using a', we 
get by the induction hypothesis that Bt (Ei{Q/Bt}) • • • (Efc{Q/Bt}) has an SLD-refutation us- 
ing substitution 6' , where for some substitution 7 it holds 5'^ D 0{Q/Bt}a' and dom{5'^ — 
0{Q/Bt}a') is a set of template variables that are introduced during this SLD-refutation; notice 
that these template variables can be chosen to be different than the variables in FV{Bt). From 
the above discussion we conclude that (Q Ei • • • E^) has an SLD-refutation using substitution 
§ = {Q/Bt}6'. Moreover, it holds that 6j = {Q/Bt}5'7 D {Q/Bt}0{Q/Bt}c7' = 0{Q/Bt}(T' = 
Oa and dom{6j — Oct) is a set of template variables that are introduced during the refutation 
of (QEi---Efc). 

Case 3: G =^ ((AV.E) Ei • • • E^). Then, GO =^ {{XV.EO) (EiO) ■ ■ ■ (EkO)). By Definition EH] 
we get that (AV.E0) (E^O) ■ ■ ■ (EkO) 4 {EO{V /{EiO)}) {E2O) ■ ■ ■ (EkO). Moreover, by assumption, 
{E0{\/ /{EiO)}) {E2O) ■ ■ ■ (EkO) has an SLD-refutation of length n using a. Consider now the goal 
G. By Definition [7181 we get that (AV.E) Ei • • • E^ A (E{V/Ei}) E2 • • • Efc. Notice now that 
((E{V/Ei}) E2 • • • Ek)0 = {EO{\//{EiO)}) {E2O) ■ ■ ■ (EkO), and since the latter expression has an 
SLD-refutation of length n using a, we get by the induction hypothesis that (E{V/Ei}) E2 • • • Efc 
has an SLD-refutation using a substitution 5, where for some substitution 7 it holds 5j ^ Oa 
and dom{S'y — Oa) is a set of template variables that are introduced during this refutation. 
But then, ((AV.E) Ei ■ ■ ■ E^) has an SLD-refutation using substitution 5 which satisfies the 
requirements of the lemma. 

Case 4: G =^ ((E' V. E") Ei • • • E^). Then, GO =^ {{E'O V, E"e) (E^O) ■ ■ ■ (EkO)). By Defini- 

tion[7l8]we get that {E'9 E"^) (Ei^) • • • (Efc^) 4 (E'O) {EiO) ■ ■ ■ (EkO) (and symmetrically for 
E"). By assumption, either (E'^) (Ei^) • • • (E^^) or {E"0) (EiO) ■ ■ ■ (EkO) has an SLD-refutation 
of length n using a. Assume, without loss of generality, that {E'9) (EiO) ■ ■ ■ (E^O) has an SLD- 
refutation of length n using a. Consider now the goal G. By Definition 17.181 we get that 
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(E' E") El • • • Efc 4 E' El • • • Efc. Notice now that (E' Ei • • • Ek)9 = (E'0) (Ei^) • • • (Efc0), and 
since the latter expression has an SLD-refutation of length n using a, we get by the induction 
hypothesis that E' Ei • • • E^ has an SLD-refutation using a substitution 5, where for some sub- 
stitution 7 it holds (57 5 6a and dom[5^ — 6a) is a set of template variables that are introduced 
during this refutation. But then, (E' \J ^ E") Ei • • • E^ has an SLD-refutation using substitution 
5 which satisfies the requirements of the lemma. 

Case 5: G =^ ((E' A. E") Ei • • • E^). Then, =^ {{E!6 A, E"0) (Ei^) • • • (E^^)). By Defini- 
tion mm we get (E'0 V. E"0) (Ei^) ■ • • (E^^) A ((E'0) (Ei0) • • • (E^^)) A ((E"0) (Ei^) • • • {Ek6)). 
By assumption, ((E'0) (Ei^) • • • (Efc6')) A {{^"6) (Ei6') • • • (Efc^)) has an SLD-refutation of length 
n using a. Consider now the goal G. By Definition I7.18| we get that (E' /\^ E") Ei • • • E^ A 
(E' El • • • Efc) A (E" El • • • Efc). Notice now that it holds that ((E' Ei • • • E^) A (E" Ei • • • Efc))0 = 
1{E!6) (Ei6') • • • (Efc6')) A((E"6') (Ei6l) • • • (Efc6')); since the latter expression has an SLD-refutation 
of length n using a, we get by the induction hypothesis that (E' Ei • • • E^,) A (E" Ei • • • E^,) has 
an SLD-refutation using a substitution 5, where for some substitution 7 it holds ^7 2 6a 
and dom{6'y — 6a) is a set of template variables that are introduced during this refutation. 
But then, (E' Att E") Ei • • • E^ has an SLD-refutation using substitution 5 which satisfies the 
requirements of the lemma. 

Case 6: G =^ (□ A E). Then, G0 =^ (□ A (E^)). By Definition EIS] we get (□ A (E0)) A E0. 
By assumption, E0 has an SLD-refutation of length n using a. Consider now the goal G. By 
Definition I7.18| we get that (□ A E) A E. Since E0 has an SLD-refutation of length n using 
a, we get by the induction hypothesis that E has an SLD-refutation using a substitution 5, 
where for some substitution 7 it holds 5^ 5 6a and dom{6j — 6a) is a set of template variables 
that are introduced during this refutation. But then, (DAE) has an SLD-refutation using 
substitution 5 which satisfies the requirements of the lemma. 

Case 7: G =■(— (E A □). Almost identical to the previous case. 

Case 8: G =^ (3VE). Then, Q6 =^ (3V(E6l)). By Definition EE] we get (3V(E6I)) A E6. 
By assumption, E6 has an SLD-refutation of length n using a. Consider now the goal G. By 
Definition I7.18|. we get that (3V E) A E. Since Ed has an SLD-refutation of length n using 
a, we get by the induction hypothesis that E has an SLD-refutation using a substitution 6, 
where for some substitution 7 it holds ^7 5 6a and dom{6j — 6a) is a set of template variables 
that are introduced during this refutation. But then, (3V E) has an SLD-refutation using 
substitution 5 which satisfies the requirements of the lemma. 

Case 9: G =-^— (Ei A E2). We may assume without loss of generality that given the goal 
Gd =^ (Ei^ A E26), the first step in the refutation will take place due to the subexpression 
El 6*. Moreover, again without loss of generality, due to the associativity of A, we assume that 
El is not an expression that contains a top-level A (ie., it is not of the form Ai A A2). The proof 
could be easily adapted to circumvent the two assumptions just mentioned (but this would 
result in more cumbersome notation). We perform a case analysis on Ei: 

Subcase 9.1: Ei = (Ai « A2). Then, we have ((Ai f» A2)6' A E26') A (□ A E26'cji), where ai is 
an mgu of Ai^ and ^26- By assumption, (□ A E2^cri) has an SLD-refutation of length n using 

a' , where a = aia' . Consider now (El A E2). By Definition Em it holds that (Ai f» A2) A □, 

where 5i is an mgu of Ai, A2. By Definition 17. 181 we get that ((Ai A2) A E2) -^^ (□ A E25i). 
Since 6ai is a unifier of Ai,A2, there exists 6' such that dai = 5i6', and since (□ A E26ai) 
has an SLD-refutation of length n using a' , we get that (□ A E2S19') = (□ A E25i)d' has an 
SLD-refutation of length n using a' . By the induction hypothesis we get that (□ A E2S1) has an 
SLD-refutation using 5' , where ^'7 ^ 9'a' and dom{5'j — 6'a') is a set of template variables that 
are introduced during the refutation of this goal. But then, (Ei A E2) has an SLD-refutation 



41 



using substitution 5 = Si5' . Moreover, it holds that ^7 = Si5'j 5 SiO'cr' = Oaicr' = Oct. 

Subcase 9.2: Ei = (QAi---Ar). Consider first the case where 9{Q) = B, for some basic 
expression B. Notice now that B can be either a higher-order predicate variable or a finite- 
union of lambda abstractions. We examine the case where B is a single lambda abstraction (the 
other two cases are similar). Since B is a lambda abstraction, we have that Ei^ E'^, where E'^ 
is the resulting expression after performing the outer beta reduction in Ei^. By Definition 17. 181 
we have that (Ei A ^2)6 — > E'^ A E20. By assumption, E'j^ A E20 has an SLD-refutation of 

length n using a. Consider now (Ei A E2). By Definition 17.181 it holds that Ei E'j', 
where E'/ = Ei{Q/Bt} and B = Bf7i, for some substitution 71, with dom{'^i) = FV{Bt). 
We may assume without loss of generality that the set dom^-ji) is disjoint from FV{G) and 
from dom{e) U FV{range(9)). By Definition [7l8l we also get that E'( 4 E'(' , where E'(' 
is the expression that results after performing the outer beta reduction in E". Then, by 

Definition EIS] we get that Ei A E2 ^^-^'^ E'/aE2{Q/BJ and E'/AE2{Q/BJ A E'/' A E2{Q/Bt}. 
Notice now that (E'" A E2{Q/Bf})6'7i = E'^ A E2O, and since E'^^ A E2O has an SLD-refutation 
of length n using a, we get by the induction hypothesis that {E'(' A E2{Q/Bt}) has an SLD- 
refutation using 5' , where for some substitution 7 it holds 6'j ^ ^710" and dom{5'j — Ojia) 
is a set of template variables that are introduced during this SLD-refutation. But then, 
El A E2 has an SLD-refutation using substitution 5 = {Q/Bt}5'. Moreover, it holds that 
57 = {Q/Bf}5'j 5 {Q/Bf}07i(T 2 9a and dom(5j — 9a) is a set of template variables that are 
introduced during the refutation of G. 

Consider now the case where 9{Q) is undefined, ie., there does not exist a binding for Q 

in 9. Then, we have that Ei^ ^^^'^ E[, where E^ = Bt (Ai0{Q/Bt}) • • • (A,.0{Q/Bt}). We 
may assume without loss of generality that the set FV{Bt) is disjoint from FV{G) and from 

dom{9)UFV{range{9)). By Definition [7l8] we have that (Ei A Es)^ ^^^'^ E[ A (E26'{Q/B4}). 
By assumption, E'^ A (E20{Q/Bt}) has an SLD-refutation of length n using a', where a = 

{Q/Bt}a'. Consider now (Ei A E2). By Definition [7151 it holds that Ei E'(, where 

E'( = Ei{Q/BJ. By Definition EH] we get that Ei A E2 ^'^^'^ E'/ A E2{Q/Bt}. Notice now 
that (E'Z A E2{Q/Bt})6'{Q/BJ = E^ A E20{Q/Bt}, and since E; A E20{Q/Bt} has an SLD- 
refutation of length n using a' , we get by the induction hypothesis that {E'( A E2{Q/Bt}) has 
an SLD-refutation using S', where for some substitution 7 it holds that 5'^ ^ 9{Q/Bt}a' , 
and dora{5'^ — 9{Q/Bt}a') is a set of template variables that are introduced during this SLD- 
refutation; notice that these template variables can be chosen to be different than the variables 
in FV{Bt). Then, Ei A E2 has an SLD-refutation using substitution 5 = {Q/Bt}5' . Moreover, 
it holds that (57 = {Ql/Bt}5'-f D {Q/Bt}9{Q/Bt}a' = 9{Q/Bt}a' = 9a and dom(57 - 9a) is a 
set of template variables that are introduced during the refutation of G. 

Subcase 9.3: Ei =^ ((A' A") Ai • • • A,.). Then, Ei9 = {A' 9 \/ ^ A" 9) {Ai9) ■ ■ ■ {Ar9) . By 
Definition EH] we get that {A'9\/^A"9) {Ai9) ■ ■ ■ {Ar9) A {A' 9) {Ai9) ■ ■ ■ {Ar9) (and symmet- 
rically for A"). By Definition EH] we have {Ei9 A E26') A {{A'9) {Ai9) ■ ■ ■ {Ar9)) A E26I and 
(Ei^ A E2&) A {{A"9) {Ai9) ■ ■ ■ {Ar9)) A Es^. By assumption, either {{A'9) {Ai9) ■ ■ ■ {Ar9)) A E20 
or {{A"9) {Ai9) ■ ■ ■ {Ar9)) A E29 has an SLD-refutation of length n using a. Assume, without 
loss of generality, that {{A'9) {Ai9) ■ ■ ■ {Ar9)) A E2^ has an SLD-refutation of length n using a. 
Notice now that by Definition \7\TE\ we have that (A' V^r A") Ai • • • A^ A A' Ai • • • A^. More- 
over, notice that ((A' Ai • • • A^) A E2)6' = {{A'9) {Ai9) ■ ■ ■ {Ar9)) A E26', and since the latter 
expression has an SLD-refutation of length n using a, we get by the induction hypothesis that 
((A' Ai • • • Ar) A E2) has an SLD-refutation using a substitution 5, where for some substitution 
7 it holds 6j 5 9a and dom{5^ — 9a) is a set of template variables that are introduced during 
this refutation. But then, ((A' \/^ A") Ai • • • A^) A E2 has an SLD-refutation using substitution 
5 which satisfies the requirements of the lemma. 
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Subcase 9.4: Ei has any other form except for the ones examined in the previous three subcases. 
Then, it can be verified that in all these subcases it holds that Ei^ A E'^^, for some E'^. By 
Definition 17. 181 we have that (Ei A E2)9 A E'^ A {E26). By assumption, E'^^ A {E26) has an SLD- 
refutation of length n using a. Consider now (Ei A E2). By Definition 17.181 and by examination 
of all the possible cases for Ei it can be seen that Ei A E", where E'^^ = E'(9. By Definition 17. 181 

we get that Ei A E2 A E'( A E2. Notice now that (E'/ A E2)6' = E'^ A E26', and since E'^^ A E26' has an 
SLD-refutation of length n using a, we get by the induction hypothesis that {E'( A E2) has an 
SLD-refutation using 5, where for some substitution 7 it holds that ^7 ^ 9a, and dom(6j — 9a) 
is a set of template variables that are introduced during this SLD-refutation. Then, Ei A E2 
has an SLD-refutation using substitution 5 which satisfies the requirements of the lemma. I 

F Proof of Lemma 17.351 

Lemma 17.351 Let P be a program and G =■(— A be a goal such that |A]^(_Lip) = 1 for all 
Herbrand states s. Then, there exists an SLD-refutation for P U {G} with computed answer 
equal to the identity substitution. 

Proof. We establish a stronger statement which has the statement of the lemma as a special 
case. Let us call a substitution 9 closed if every expression in range{9) is closed. We demon- 
strate that for every closed basic substitution 9, if |A6']g(_Lip) = 1 for all Herbrand states s, 
then there exists an SLD-refutation for P U {M} with computed answer equal to the identity 
substitution. The statement of the lemma is then a direct consequence for 9 = e. 

We start by noting that A is always of the form (Aq Ai • • • A„), n > (if n = then Aq is 
of type o). We perform induction on the type pi — >•••/)„ ^ o of Aq. 

Outer Induction Basis: The outer induction basis is for n = 0, ie., for type(Ao) = o, and in 
order to establish it we need to perform an inner structural induction on Aq. 

Inner Induction Basis: For the inner induction basis we need to examine the cases where Aq is 
0, 1, (El « E2) and Q, where type{Q) = o. The first case is not applicable since |O0]g(±jp) = 0. 
The second case is immediate. We examine the latter two cases: 

Case 1: Aq = (Ei E2). Since for all s it holds that [(Ei ^ E2)0]^(-Lip) = 1, we get that 
for all s, [Ei0]g(±ip) = |E20]g(-Lip). By the fact that _Lxp is a Herbrand interpretation, we 
conclude that Ei9 and E2^ must be identical expressions of type i, and therefore they are 
unifiable using the identity substitution. 

Case 2: Aq = Q, with type{Q) = 0. If 9{Q) = then it can not be the case that |Ao]g(Xxp) = 1, 
and therefore this case is not applicable. If ^(Q) = 1, the result is trivial. If on the other hand 
Q ^ dom{9), then this case is not applicable since it is not possible to have |Ao^]^(-Lxp) = 1, 
for all s (eg. choose s such that s(Q) = 0). 

Inner Induction Step: We distinguish the following cases: 

Case 1: Aq = (3QE). We can assume without loss of generality that Q dom[9). Since 
for all s it holds that |(3Q E)6']^(_L2p) = 1, it follows that [E6']^[^/Q](_L2p) = 1 for some 
h G Fup{type{Q)) . Let 9' = {Q/B} where B is a closed basic expression such that |B](_L2p) = h 
(the existence of such an expression B is ensured by Lemma l7.6p . Then it is easy to see that 
|E00']g(_Lxp) = 1 for all states s. By the induction hypothesis there exists an SLD-refutation 
for P U {E99'} using some substitution a and with computed answer equal to the identity 
substitution. Using Lemma 17.271 it follows that there exists an SLD-refutation of P U {E0} 
using substitution 5 where for some substitution 7 it holds that ^7 5 {Q/Bjcr; moreover. 
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dom{5^ — {Q/B}cj) is a set of template variables that are introduced during the refutation of 
P U {E0}. Since the restriction of a to the free variables of E06' is the identity substitution, it 
follows that the restriction of 6 to the free variables of E9 will either be empty or it will only 
contain the binding Q/B. We conclude that there exists a refutation of P U {(3Q E)0} using 
substitution e5 = 5. The computed answer is the identity substitution since Q is not a free 
variable of (3Q E)(9. 

Case 2: Aq = (Ei A E2). By assumption, [(Ei A E2)6']^(_Lxp) = 1, for all s. Then, it holds 
|Ei0]^(_Lxp) = 1 and [E20]^(-L2p) = 1. By the induction hypothesis there exist SLD-refutations 
for PU{-<— Ei^} and Pu{^ E2^} with computed answers equal to the identity substitution. Let 
9i and 62 be the compositions of the substitutions used for the refutations of P U Ei^} and 
PU{^ E2^} respectively. Now, since the computed answer of the refutation for Pu{Ei^} is the 
identity, this implies that the free variables of E26 that also appear free in Ei^ do not belong to 
domiOi). Moreover, the rest of the free variables of E2^ do not belong to dom{9i), because the 
variables of 9i have been obtained by using resolution steps that only involve "fresh" variables. 
In conclusion, the restriction of 9i to the free variables of (Ei A E2)^ is the identity substitution 
(and similarly for 02)- These observations imply that E299i = E29. But then, we can construct 
a refutation for P U {-^ (Ei^ A E2^)} by first deriving □ from Ei^ and then deriving □ from 
E2001 = E29. The substitution used for the refutation of P U {■(— (Ei A E2)9} is ^1^2 and the 
computed answer is equal to the restriction of 9i92 to the free variables of (Ei A E2)^, which 
gives the identity substitution. 

Case 3: Aq = (Ei V E2). By assumption, |(Ei V E2)6']j,(_Ljp) = 1, for all s. Then, it either 
holds that |Ei6']g(Xjp) = 1 or |E26']^(_Lxp) = 1. Without loss of generality, assume that 
|Ei0]g(±Xp) = 1. By the induction hypothesis there exists an SLD-refutation for P U {-^ Ei^} 
with computed answer equal to the identity substitution. But then Pu{-^ (Ei6'VE2^)} has an 
SLD-refutation whose first step leads to (Ei0) using e and then proceeds according to the 
SLD-refutation of (Ei^). The computed answer of this refutation is obviously the identity 
substitution. 

Outer Induction Step: Assume the lemma holds when Aq has type pi — >■ • • • Pn-i o, n > I. 
We establish the lemma for the case where Aq has type n = pi ^ ■ ■ ■ pn ^ o. We distinguish 
the following cases: 

Case 1: Aq = p (ie., A = pAi---A„). This case is not applicable since _Lxp(p) =^-^T and 
therefore [A]^(_Lip) = 0, for all s. 

Case 2: Aq = Q (ie., A = QAi---A„). If Q ^ dom{9) then this case is not applica- 
ble since it is not possible to have |A]^(_L2p) = 1, for all s (eg. take s(Q) =-L7r). If on 
the other hand Q G dom{9), then ^(Q) is a basic expression of type vr, ie., it is a non- 
empty finite union of lambda abstractions. We demonstrate the case where ^(Q) is a single 
lambda abstraction; the more general case is similar and omitted. Assume therefore that 
9{Q) = AV.E. Then, since [(AV.E) (A16') • • • (A„6')|^(_Lxp) = 1, by Lemma EH we get that 
|(E{V/Ai0}) (A26') • • • (A„0)]^(_Lip) = 1. By assumption, is a closed substitution and there- 
fore the only free variable that appears in E is V. Therefore, |((E{V/Ai}) A2 • • • A„)^]^(_L2p) = 
1. By the outer induction hypothesis we get that P U ((E{V/Ai}) A2 • • • A„)0} has an 
SLD-refutation using substitution 5, with computed answer equal to the identity substitu- 
tion. By the definition of SLD-resolution we get that P U (W/.E) (Ai^) • • • (A„6'))} has an 
SLD-refutation using the substitution e5 = 5; the computed answer of this refutation is the 
restriction of 6 to the free variables of ((AV.E) Ai • • • A„)0 which (by our previous discussion) 
gives the identity substitution. 

Case 3: Aq = AV.E (ie., A = (AV.E) Ai • • • A„. We can assume without loss of general- 
ity that V dom{9)iJ FV{range{9)). Then, since |(AV.E0) (Ai^) • • • (A„0)]^(±ip) = 1, by 
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Lemma [m we get that [(E6l{V/Ai6'}) (A26') • • • (A„6l)]^(_Lxp) = 1- By the outer induction 
hypothesis P U {-^ (E0{V/Ai6'}) (A26') • • • (A„6')} has an SLD-refutation using substitution 6, 
with computed answer equal to the identity substitution. By the definition of SLD-resolution 
we get that P U ((AV.E0) (Ai^) • • • (A„0))} has an SLD-refutation using the substitution 
6(5 = 5; the computed answer of this refutation is the restriction of 6 to the free variables of 
((AV.E) Ai • • • An)0 which (by our previous discussion) gives the identity substitution. 

Case 4: Aq = (E' E") (ie., A = (E' E") Ai • • • A„), where vr / o. The proof for this case 
follows easily using the outer induction hypothesis. 

Case 5: Aq = (E' E") (ie., A = (E' E") Ai • • • A„), where vr / o. The proof for this case 

follows easily using the outer induction hypothesis. I 
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